Administrative management is a very important piece of operational security. One aspect of administrative management is dealing with personnel issues. This includes separation of duties and job rotation. The objective of separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way.
Separation of duties helps prevent mistakes and minimize the conflicts of interest that can arise when one person performs a task from beginning to end.
Job rotation means that, over time, more than one person fulfills the tasks of one position within the company.
Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more.
Another way to protect resources is enforcing need to know, which means we must first establish that an individual has a legitimate, job role–related need for a given resource.
Mandatory vacations are another type of administrative control, though the name may sound a bit odd at first.
The following list lays out tasks that should be carried out by the security administrator, not the network administrator: