Divide administrative responsibilities for best security

Regardless of how trustworthy your network administrator is, the best security practice is to divide administrative tasks and responsibilities between several people. This provides a system of checks and balances and avoids a situation in which one person has too much power. No one should use the built-in Administrator account to perform administrative tasks. Instead, each administrator should be given an account with administrative privileges. This allows you to track who made particular changes or accessed particular files or programs. In Windows domains, you can use role-based administration and the Delegation Of Control wizard to assign permissions for specific administrative tasks. You should establish an incident response team to handle security breaches that occur, instead of leaving this task to one person or to the network administrators.