Join Mike Chapple for an in-depth discussion in this video, Management review, part of CySA+ Cert Prep: 4 Security Governance.
- [Instructor] Information technology and security managers have some key responsibilities when it comes to operational security controls. Managers serve as a critical check and balance in many organizations, and should routinely review the work of both their own teams and others. Management reviews play two important roles in the security process. First, they provide an important double-check on the work performed by employees, and verify that the work was performed accurately and completely.
Second, they reduce fraud and malfeasance by creating a culture of oversight. If employees, particularly privileged users, know that someone is checking their work, they will be far less likely to engage in unscrupulous activity. Privileged user actions are one of the most important tasks requiring management review. System engineers, application administrators, and other trusted employees often have the ability to override normal security controls and perform actions that would otherwise violate security policies.
This is a normal fact of life in any security program. Every rule has an exception, and someone has to have the authority to implement those exceptions. However, privileged users should be carefully monitored to ensure that every action they take that is an exception to normal policy is appropriately vetted and consistent with the organization's security controls. For example, an organization might require that any policy exception be documented in a formal request for change, or RFC, and have the approval of a vice president or other senior-level official.
During a management review of privileged user actions, the manager should pull the log of all privileged actions performed by that administrative user. Depending upon the size of this log, the nature of the actions, and the number of privileged users, the manager may decide to either conduct a 100% verification of all privileged actions, verifying that each of those actions had the appropriate RFC approval and was properly implemented, or the manager might decide to select a random sample of changes and verify those.
Account management is a second area that requires regular management review. Managers should regularly conduct reviews of all of the accounts within their scope of responsibility to verify several things. First, the manager should verify that every user with active privileges is still associated with the organization, and has not been terminated or transferred. Second, the manager should verify that the permissions assigned to each account are appropriate for that user's role in the organization.
And finally, the manager should verify that any changes that took place since the last review were authorized and appropriately documented. This includes privilege escalation, account creation, and account revocation, among other actions. Conducting regular management reviews is a key responsibility of IT and security managers, and a critical component of an organization's security program.
Want more CySA+ test prep tips? Visit certmike.com to join Mike's free study group.
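As an added example (not part of the course or Mike Chapple's material), the two reviews described in the video scripted in Python: reconciling a privileged-action log against approved RFCs, with the option of a seeded random sample instead of 100% verification, and checking an account inventory against an HR roster and a role-to-permission baseline. Every user, RFC id, title and permission below is constructed sample data, and the set of titles counted as senior-level approvers is an assumption.

```python
import random
# Assumption: titles senior enough to approve a policy exception
SENIOR_TITLES = {"VP", "SVP", "CISO"}
# Constructed sample data: approved RFCs (id -> approver title)
RFCS = {"RFC-101": "VP", "RFC-102": "Manager", "RFC-103": "CISO"}
# Constructed sample data: privileged-action log, one policy exception per entry
PRIV_LOG = [
    {"user": "alice", "action": "disable AV on srv01", "rfc": "RFC-101"},
    {"user": "alice", "action": "open fw port 3389", "rfc": "RFC-102"},
    {"user": "bob", "action": "add self to sudoers", "rfc": None},
    {"user": "bob", "action": "rotate CA key", "rfc": "RFC-999"},
    {"user": "carol", "action": "bypass DLP for export", "rfc": "RFC-103"},
]
# Constructed sample data: HR roster, role baseline and account inventory
HR = {"alice": ("active", "sysadmin"), "bob": ("terminated", "dba"),
      "carol": ("active", "analyst")}
ROLE_PERMS = {"sysadmin": {"root"}, "dba": {"db_admin"}, "analyst": {"read_logs"}}
ACCOUNTS = [{"user": "alice", "perms": {"root"}},
            {"user": "bob", "perms": {"db_admin"}},
            {"user": "carol", "perms": {"read_logs", "root"}},
            {"user": "dave", "perms": {"root"}}]  # dave has no HR record at all

def review_privileged_actions(log, rfcs, sample=None, seed=0):
    """Return (user, action, reason) for each entry failing review; sample=N
    checks a seeded random sample of N entries instead of 100% of the log."""
    entries = list(log)
    if sample is not None:
        entries = random.Random(seed).sample(entries, min(sample, len(entries)))
    findings = []
    for e in entries:
        if e["rfc"] is None:
            findings.append((e["user"], e["action"], "no RFC recorded"))
        elif e["rfc"] not in rfcs:
            findings.append((e["user"], e["action"], "RFC not found"))
        elif rfcs[e["rfc"]] not in SENIOR_TITLES:
            findings.append((e["user"], e["action"], "approver not senior-level"))
    return findings

def review_accounts(accounts, hr, role_perms):
    """Flag accounts whose owner is not active or whose permissions exceed the role."""
    findings = []
    for a in accounts:
        status, role = hr.get(a["user"], ("unknown", None))
        if status != "active":
            findings.append((a["user"], f"owner status is {status}"))
        else:
            excess = a["perms"] - role_perms.get(role, set())
            if excess:
                findings.append((a["user"], f"beyond {role} role: {sorted(excess)}"))
    return findings
```

Each finding is the item a manager would need to chase down with the privileged user or the account owner; the seed makes a sampled review reproducible for the audit record.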