CISSP考试指南笔记:7.2 行政管理

最新推荐文章于 2021-04-16 22:53:58 发布
最新推荐文章于 2021-04-16 22:53:58 发布
阅读量143 收藏
点赞数
分类专栏: CISSP备考资料
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xuzhina/article/details/114421123
版权

Administrative management is a very important piece of operational security. One aspect of administrative management is dealing with personnel issues. This includes separation of duties and job rotation. The objective of separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way.

Separation of duties helps prevent mistakes and minimize conflicts of interest that can take place if one person is performing a task from beginning to end.

Job rotation means that, over time, more than one person fulfills the tasks of one position within the company.

Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more.

Another way to protect resources is enforcing need to know, which means we must first establish that an individual has a legitimate, job role–related need for a given resource.

Mandatory vacations are another type of administrative control, though the name may sound a bit odd at first.

Security and Network Personnel

The following list lays out tasks that should be carried out by the security administrator, not the network administrator:

  • Implements and maintains security devices and software

  • Carries out security assessments

  • Creates and maintains user profiles and implements and maintains

  • Configures and maintains security labels in mandatory access control (MAC) environments

  • Manages password policies

  • Reviews audit logs

 

剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记:7.2 行政管理

debugeeker
关注
专栏目录
CISSP学习指南:用于2018 CISSP考试的学习材料
02-05
CISSP学习指南:用于2018 CISSP考试的学习材料
CISSP学习详细笔记、错题,考点标黑标红
03-19
### CISSP 学习详细笔记与错题分析 #### 安全管理核心概念与原则 **保密性(Confidentiality)**: - **目的**:确保数据处于保密状态,阻止或最小化未授权访问(包括恶意攻击和无意识的人为错误)。 - **控制手段**...
CISSP考试指南笔记:1.15 风险管理框架
debugeeker的专栏
12-18 358
Arisk management framework (RMF)is astructured processthat allows an organization to identify and assess risk, reduce it to an acceptable level, and ensure that it remains at that level. In essence, an RMF is a structured approach to risk management. ...
CISSP考试指南笔记:1.19 道德
debugeeker的专栏
12-18 208
(ISC)2 requires all certified system security professionals to commit to fully supporting its Code of Ethics. Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsi
CISSP考试指南笔记:1.11 风险管理
debugeeker的专栏
12-15 214
在安全语义下的风险是损害发生的可能性以及这种损害一旦发生的后果。风险管理(RM)是识别和评估风险,将其降低到可接受的水平,并确保其保持在该水平的过程。 整体风险管理 只有当潜在风险威胁到企业的底线时,企业才会关注安全。安全专业人员了解这些单独的威胁非常重要,但更重要的是他们了解如何计算这些威胁的风险并将其与业务驱动因素相对应。 NIST SP 800-39定义了风险管理的三个层次: 组织层关注整个业务的风险,这意味着它将框定对话的其余部分,并设置风险承受水平等重要参数。 业务流程层处理组
CISSP考试指南笔记:2.6 保护资产
debugeeker的专栏
12-19 187
Data Security Controls Which controls we choose to use to mitigate risks to our information depend not only on the value we assign to that information, but also on the dynamic state of that information. Data exists in one of three states: at rest, in moti
CISSP考试指南笔记:8.12 数据库管理
debugeeker的专栏
04-16 180
Database Management Software Adatabaseis a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify that data as needed. Adatabase management system (DBMS)is a suite of programs used to ma...
CISSP考试指南笔记:6.3 审计管理控制
debugeeker的专栏
03-06 195
Account Management A preferred technique of attackers is to become “normal” privileged users of the systems they compromise as soon as possible. They can accomplish this in at least three ways: compromise an existing privileged account, create a new privi
CISSP考试指南笔记:7.7 事故管理流程
debugeeker的专栏
03-12 309
There are many incident management models, but all share some basic characteristics. They all require that we identify the event, analyze it to determine the appropriate counteractions, correct the problem(s), and, finally, keep the event from happening ag
CISSP考试指南笔记:1.14 供应链风险管理
debugeeker的专栏
12-18 918
Asupply chainis a sequence of suppliers involved in delivering some product. A good resource to help integrate supply chain risk into your risk management program isNIST SP 800-161, “Supply Chain Risk Management Practices for Federal Information System...
CISSP考试指南笔记:3.2 计算机架构
debugeeker的专栏
12-21 228
Computer architectureencompasses all of the parts of a computer system that are necessary for it to function, including the central processing unit, memory chips, logic circuits, storage devices, input and output devices, security components, buses, and n.
CISSP考试资料合集(含最新第八版教程指南).zip
08-19
CISSP考试辅导资料 CISSP历年考试习题 CISSP最新全套培训讲义(完整版) CISSP 2020年最新考生复习经验分享汇总 cissp 考试复习重点与做题方法(考生汇总) 国内顶级培训机构CISSP中英文对照习题1000题 CISSP官方...
CISSP考试指南
06-18
在本文档中,有关CISSP认证考试指南的内容较为有限,但可以推断出该指南主要面向希望考取CISSP认证的个人。文档提到了中国民间信息安全学习群体和一个相关的网站***,以及“国盟信息安全基地”这几个关键词。这里...
CISSP学习笔记 CISSP关键知识点总结汇总.zip
01-05
CISSP学习笔记CISSP关键知识点总结汇总,以网上搜集到的CISSP学习资料为基础,补充修改了关键内容,不保证正确。 第一章 通过原则和策略的安全治理 第二章 人员安全和风险管理概念 第三章 业务连续性计划 第四章 ...
AXMLPrinter,xml逆向工具
最新发布
09-22
AXMLPrinter,xml逆向工具
虚拟机DirectX组建在线安装
09-22
虚拟机DirectX组建在线安装,有需要的试试
变压器变频器配电柜电路控制原理图CAD施工图纸设备控制图加料机电气控制图
09-22
变压器变频器配电柜电路控制原理图CAD施工图纸设备控制图加料机电气控制图
2024年夏威夷果行业分析报告.pptx
09-22
行业报告
CISSP考试精华笔记:安全治理与核心原则
"CISSP官方教材最完备精华笔记-V1.01" ...这些知识点是CISSP考试的核心,掌握它们对于通过考试和在信息安全领域工作至关重要。通过深入理解并实践这些概念,专业人士可以更好地设计、实施和管理组织的信息安全策略。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值