
CISSP Exam Guide Notes: 7.2 Administrative Management

Author: 血狼debugeeker
Published: 2021-03-23 11:10:07
Column: debugeeker的专栏

Administrative management is a very important piece of operational security. One aspect of administrative management is dealing with personnel issues. This includes separation of duties and job rotation. The objective of separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way.

Separation of duties helps prevent mistakes and minimize conflicts of interest that can take place if one person is performing a task from beginning to end.

Job rotation means that, over time, more than one person fulfills the tasks of one position within the company.

Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more.

Another way to protect resources is enforcing need to know, which means we must first establish that an individual has a legitimate, job role–related need for a given resource.

Mandatory vacations are another type of administrative control, though the name may sound a bit odd at first.

Security and Network Personnel


The following list lays out tasks that should be carried out by the security administrator, not the network administrator:

  • Implements and maintains security devices and software
  • Carries out security assessments
  • Creates and maintains user profiles and implements and maintains
  • Configures and maintains security labels in mandatory access control (MAC) environments
  • Manages password policies
  • Reviews audit logs

Shared from the author's personal site/blog. Originally published: 2021-03-06.
