One of the fundamental responsibilities of information security professionals is performing account management tasks. This includes designing strong processes that implement the principles of least privilege and separation of duties, implementing job rotation schemes, and managing the account life cycle. In this video, learn how to conduct account and privilege management activities.
- [Instructor] One of the fundamental responsibilities…of information security professionals…is performing account management tasks.…This includes designing strong processes…that implement the principles of least privilege…and separation of duties,…implementing job rotation schemes,…and managing the account life cycle.…The principle of least privilege…states that an individual should only have…the minimum set of privileges necessary…to complete their assigned job duties.…The separation of duties principle…states that performing sensitive actions…should require the collaboration of two individuals.…
Account managers issuing permissions…should ensure that the permissions they grant users…are consistent with these principles.…Many organizations also implement job rotation schemes…designed to move people around…from job to job on a periodic basis.…This has obvious personnel benefits…by providing teams with a diverse set of experiences…and allowing them to experience…many different aspects of the organization's operations.…
Author
Mike Chapple
Released
5/23/2018Want more CySA+ test prep tips? Visit certmike.com to join Mike's free study group.
- Security governance
- Security roles and responsibilities
- Security policies
- Complying with laws and regulations
- Auditing and assessing security
- Personnel security
- Security training
- Vendor management
Skill Level Intermediate
Duration
Views
-
Introduction
-
Welcome2m 26s
-
-
1. Security Governance
-
Organizational processes3m 13s
-
Control frameworks4m 52s
-
2. Security Policy
-
Security policy framework4m 40s
-
Security policies5m 16s
-
Account policies3m 35s
-
Password policies4m 50s
-
Data security policies5m 17s
-
Data security roles3m 30s
-
-
3. Regulatory Compliance
-
Privacy compliance4m 24s
-
Computer crimes1m 55s
-
Intellectual property4m 16s
-
Software licensing2m 28s
-
Data breaches2m 8s
-
4. Assessing Security Processes
-
Management review3m 14s
-
Metrics and measurements3m 18s
-
Audits and assessments5m 35s
-
Control management3m 37s
-
Maturity models3m 34s
-
-
5. Personnel Security
-
Employee security3m 4s
-
Employee termination process2m 42s
-
Employee privacy2m 23s
-
Social networking3m 52s
-
Personnel safety2m 31s
-
Employee development1m 35s
-
-
6. Awareness and Training
-
Compliance training3m 27s
-
User habits2m 47s
-
User-based threats1m 55s
-
Awareness program reviews1m 20s
-
7. Vendor Management
-
Vendor agreements3m 34s
-
Security as a service1m 29s
-
Conclusion
-
Next steps33s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Understand account and privilege management