CISSP考试指南笔记:7.2 行政管理

最新推荐文章于 2021-04-16 22:53:58 发布
最新推荐文章于 2021-04-16 22:53:58 发布
阅读量143 收藏
点赞数
分类专栏: CISSP备考资料
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xuzhina/article/details/114421123
版权

Administrative management is a very important piece of operational security. One aspect of administrative management is dealing with personnel issues. This includes separation of duties and job rotation. The objective of separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way.

Separation of duties helps prevent mistakes and minimize conflicts of interest that can take place if one person is performing a task from beginning to end.

Job rotation means that, over time, more than one person fulfills the tasks of one position within the company.

Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more.

Another way to protect resources is enforcing need to know, which means we must first establish that an individual has a legitimate, job role–related need for a given resource.

Mandatory vacations are another type of administrative control, though the name may sound a bit odd at first.

Security and Network Personnel

The following list lays out tasks that should be carried out by the security administrator, not the network administrator:

  • Implements and maintains security devices and software

  • Carries out security assessments

  • Creates and maintains user profiles and implements and maintains

  • Configures and maintains security labels in mandatory access control (MAC) environments

  • Manages password policies

  • Reviews audit logs

 

剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记:7.2 行政管理

debugeeker
关注
专栏目录
CISSP学习指南:用于2018 CISSP考试的学习材料
02-05
CISSP学习指南:用于2018 CISSP考试的学习材料
CISSP学习详细笔记、错题,考点标黑标红
03-19
### CISSP 学习详细笔记与错题分析 #### 安全管理核心概念与原则 **保密性(Confidentiality)**: - **目的**:确保数据处于保密状态,阻止或最小化未授权访问(包括恶意攻击和无意识的人为错误)。 - **控制手段**...
CISSP考试指南笔记:1.15 风险管理框架
debugeeker的专栏
12-18 358
Arisk management framework (RMF)is astructured processthat allows an organization to identify and assess risk, reduce it to an acceptable level, and ensure that it remains at that level. In essence, an RMF is a structured approach to risk management. ...
CISSP考试指南笔记:1.19 道德
debugeeker的专栏
12-18 208
(ISC)2 requires all certified system security professionals to commit to fully supporting its Code of Ethics. Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsi
CISSP考试指南笔记:1.11 风险管理
debugeeker的专栏
12-15 214
在安全语义下的风险是损害发生的可能性以及这种损害一旦发生的后果。风险管理(RM)是识别和评估风险,将其降低到可接受的水平,并确保其保持在该水平的过程。 整体风险管理 只有当潜在风险威胁到企业的底线时,企业才会关注安全。安全专业人员了解这些单独的威胁非常重要,但更重要的是他们了解如何计算这些威胁的风险并将其与业务驱动因素相对应。 NIST SP 800-39定义了风险管理的三个层次: 组织层关注整个业务的风险,这意味着它将框定对话的其余部分,并设置风险承受水平等重要参数。 业务流程层处理组
CISSP考试指南笔记:2.6 保护资产
debugeeker的专栏
12-19 187
Data Security Controls Which controls we choose to use to mitigate risks to our information depend not only on the value we assign to that information, but also on the dynamic state of that information. Data exists in one of three states: at rest, in moti
CISSP考试指南笔记:8.12 数据库管理
debugeeker的专栏
04-16 181
Database Management Software Adatabaseis a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify that data as needed. Adatabase management system (DBMS)is a suite of programs used to ma...
CISSP考试指南笔记:6.3 审计管理控制
debugeeker的专栏
03-06 195
Account Management A preferred technique of attackers is to become “normal” privileged users of the systems they compromise as soon as possible. They can accomplish this in at least three ways: compromise an existing privileged account, create a new privi
CISSP考试指南笔记:7.7 事故管理流程
debugeeker的专栏
03-12 309
There are many incident management models, but all share some basic characteristics. They all require that we identify the event, analyze it to determine the appropriate counteractions, correct the problem(s), and, finally, keep the event from happening ag
CISSP考试指南笔记:1.14 供应链风险管理
debugeeker的专栏
12-18 919
Asupply chainis a sequence of suppliers involved in delivering some product. A good resource to help integrate supply chain risk into your risk management program isNIST SP 800-161, “Supply Chain Risk Management Practices for Federal Information System...
CISSP考试指南笔记:3.2 计算机架构
debugeeker的专栏
12-21 228
Computer architectureencompasses all of the parts of a computer system that are necessary for it to function, including the central processing unit, memory chips, logic circuits, storage devices, input and output devices, security components, buses, and n.
CISSP考试资料合集(含最新第八版教程指南).zip
08-19
CISSP考试辅导资料 CISSP历年考试习题 CISSP最新全套培训讲义(完整版) CISSP 2020年最新考生复习经验分享汇总 cissp 考试复习重点与做题方法(考生汇总) 国内顶级培训机构CISSP中英文对照习题1000题 CISSP官方...
CISSP考试指南
06-18
在本文档中,有关CISSP认证考试指南的内容较为有限,但可以推断出该指南主要面向希望考取CISSP认证的个人。文档提到了中国民间信息安全学习群体和一个相关的网站***,以及“国盟信息安全基地”这几个关键词。这里...
CISSP学习笔记 CISSP关键知识点总结汇总.zip
01-05
CISSP学习笔记CISSP关键知识点总结汇总,以网上搜集到的CISSP学习资料为基础,补充修改了关键内容,不保证正确。 第一章 通过原则和策略的安全治理 第二章 人员安全和风险管理概念 第三章 业务连续性计划 第四章 ...
OBS-Studio-30.2.3-Windows.zip
最新发布
09-23
OBS-Studio-30.2.3-Windows.zip
ChanjeeDlnaTool-v1.0 推送电脑上的文件到安卓电视大屏,实现音视频播放和apk安装
09-23
详情参考:https://blog.csdn.net/title71/article/details/142462255?spm=1001.2014.3001.5501 文件里面含有视频使用教程 一.windows+Android大屏 使用投送教程: 准备 0.电视机和电脑要在同一网络下面 1.使用u盘安装chanjeeDlnaTool.apk到电视机 2.将Windows软件拷贝到合适目录,将.mp4 /.flac /.jpg ...文件拷贝到软件目录的www/files文件夹下面 投送 1.打开Android电视机大屏的刚安装的软件,找到左上角显示的电视机的ip地址 2.双击打开Windows软件的ChanjeeDlnaTool.exe文件,有弹窗提示防火墙网络,请点击允许 3.在Windows软件的ip地址栏输入Android电视机大屏上面的ip地址,并在Windows软件点击认证 4.认证完成后Windows软件下方蓝字会提示Binging successful 就说明绑定成功,此时就可以在Windows软件选择本地文件向Android大屏投送文件了
CODESYS是PLC软件编程工具.docx
09-23
CODESYS是一款功能强大的PLC(可编程逻辑控制器)软件编程工具,广泛应用于工业自动化领域。以下是对CODESYS的详细介绍: 一、基本概述 定义:CODESYS是Controlled Development System的缩写,是可编程逻辑控制PLC的完整开发环境。 开发商:CODESYS软件商是德国Smart software solution GmbH,该公司位于德国巴伐利亚州肯普腾市。 最新版本:CODESYS V3(国内PLC用户使用的版本多为CODESYS V2.3)。V3版本在软件架构上有了很大的改善,朝安全软件的方向发展,正在申请TUV关于EN 61508的SIL认证。 二、主要特点 开放性:CODESYS是一个开放的软件平台,允许第三方开发者在其上开发定制化的解决方案,适应不同厂商的PLC设备,具有很高的灵活性和扩展性。 跨平台:CODESYS可以运行在多种不同的操作系统上,包括Windows、Linux和嵌入式系统(RTOS),提高了开发效率和可移植性。 多语言支持:支持IEC61131-3标准下的IL、ST、FBD、LD、CFC、SFC六种PLC编程语言,用
广西中医药大学在湖南2021-2024各专业最低录取分数及位次表.pdf
09-23
全国各大学在湖南2021-2024年各专业最低录取分数及录取位次数据,高考志愿必备参考数据
CISSP考试精华笔记:安全治理与核心原则
"CISSP官方教材最完备精华笔记-V1.01" ...这些知识点是CISSP考试的核心,掌握它们对于通过考试和在信息安全领域工作至关重要。通过深入理解并实践这些概念,专业人士可以更好地设计、实施和管理组织的信息安全策略。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值