CISSP考试指南笔记:5.9 访问控制实践

The following is a list of tasks that must be done on a regular basis to ensure security stays at a satisfactory level:

  • Deny access to systems to undefined users or anonymous accounts.

  • Limit and monitor the usage of administrator and other powerful accounts.

  • Suspend or delay access capability after a specific number of unsuccessful logon attempts.

  • Remove obsolete user accounts as soon as the user leaves the company.

  • Suspend inactive accounts after 30 to 60 days.

  • Enforce strict access criteria.

  • Enforce the need-to-know and least-privilege practices.

  • Disable unneeded system features, services, and ports.

  • Replace default password settings on accounts.

  • Limit and monitor global access rules.

  • Remove redundant resource rules from accounts and group memberships.

  • Remove redundant user IDs, accounts, and role-based accounts from resource access lists.

  • Enforce password rotation.

  • Enforce password requirements (length, contents, lifetime, distribution, storage, and transmission).

  • Audit system and user events and actions, and review reports periodically.

  • Protect audit logs.

Unauthorized Disclosure of Information


Object Reuse

Object reuse issues pertain to reassigning to a subject media that previously contained one or more objects.

Sensitive data should be classified (secret, top secret, confidential, unclassified, and so on) by the data owners.

剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记:5.9 访问控制实践

评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值