CISSP考试指南笔记:7.2 行政管理

Administrative management is a very important piece of operational security. One aspect of administrative management is dealing with personnel issues. This includes separation of duties and job rotation. The objective of separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way.

Separation of duties helps prevent mistakes and minimize conflicts of interest that can take place if one person is performing a task from beginning to end.

Job rotation means that, over time, more than one person fulfills the tasks of one position within the company.

Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more.

Another way to protect resources is enforcing need to know, which means we must first establish that an individual has a legitimate, job role–related need for a given resource.

Mandatory vacations are another type of administrative control, though the name may sound a bit odd at first.

Security and Network Personnel


The following list lays out tasks that should be carried out by the security administrator, not the network administrator:

  • Implements and maintains security devices and software

  • Carries out security assessments

  • Creates and maintains user profiles and implements and maintains

  • Configures and maintains security labels in mandatory access control (MAC) environments

  • Manages password policies

  • Reviews audit logs

 

剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记:7.2 行政管理

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值