One of the fundamental responsibilities of information security professionals is performing account management tasks. This includes designing strong processes that implement the principles of least privilege and separation of duties, implementing job rotation schemes, and managing the account life cycle. In this video, learn how to conduct account and privilege management activities.
- [Narrator] One of the fundamental responsibilities of information security professionals is performing account management tasks. This includes designing strong processes that implement the principles of least privilege and separation of duties, implementing job rotation schemes, and managing the account lifecycle. The principle of least privilege states that an individual should only have the minimum set of privileges necessary to complete their assigned job duties. The separation of duties principle states that performing sensitive actions should require the collaboration of two individuals.
Account managers issuing permissions should ensure that the permissions they grant users are consistent with these principles. For more information on these two principles, see the authorization video of this course. Many organizations also implement job rotation schemes designed to move people around from job to job on a periodic basis. This has obvious personnel benefits by providing teams with a diverse set of experiences and allowing them to experience many different aspects of the organization's operations.
It also has the security benefit of reducing the likelihood of fraud. If you know that someone else will be looking at your work during a job rotation, you are less likely to conduct illegitimate activity that might be detected during that rotation. Mandatory vacation policies attempt to achieve the same goal by requiring that staff in key positions take a minimum number of consecutive vacation days each year and not have access to corporate systems during that time period. This enforced absence provides an opportunity for fraudulent activity to come to light when the employee does not have the access necessary to cover it up.
Security professionals are also responsible for managing the account and credential lifecycle. They administer the process of granting new users access to systems, modifying roles when a user changes jobs or a user's job requires new access, reviewing access on a regular basis and modifying discrepancies found, and eventually removing the access of terminated users, completing the lifecycle. The management of user accounts is a key responsibility for information security professionals.
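The periodic access review the narration describes can be turned into a repeatable check. The script below is an added example, not code from the course or its author; it assumes a constructed role-to-permission table, a constructed list of role pairs that would let one person both initiate and approve a sensitive action, and constructed sample accounts. It flags three kinds of discrepancy an account manager would want to correct: permissions granted beyond what the user's roles entitle them to (least privilege), a single user holding both halves of a sensitive role pairing (separation of duties), and accounts that are still active after the employee has left (lifecycle).

```python
"""Access review helper: added example, not part of the course material.

Checks each account against the principles described in the narration:
  * least privilege   - granted permissions must not exceed role entitlement
  * separation of duties - no single user may hold both roles of a toxic pair
  * lifecycle          - terminated users must have no active account
All tables and accounts below are constructed sample data.
"""
from dataclasses import dataclass

# Role -> permissions that role is entitled to (constructed sample, hypothetical names).
ROLE_PERMISSIONS = {
    "ap_clerk": {"vendor.create", "invoice.enter"},
    "ap_approver": {"invoice.approve", "payment.release"},
    "helpdesk": {"password.reset", "ticket.read"},
    "auditor": {"ledger.read", "invoice.read"},
}

# Role pairs that together let one person both enter and approve a payment.
# Separation of duties forbids one user holding both (constructed sample).
TOXIC_ROLE_PAIRS = [
    ("ap_clerk", "ap_approver"),
]


@dataclass
class Account:
    user: str
    roles: set                # roles assigned by the account manager
    direct_permissions: set   # permissions actually present on the system
    active: bool              # can the account currently log in?
    employed: bool            # is the person still on the HR roster?


def entitled_permissions(roles):
    """Union of the permissions the given roles are allowed to carry."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def review_account(acct):
    """Return a list of (finding_type, details) for one account; empty if clean."""
    findings = []

    # Least privilege: anything granted beyond the role entitlement is excess.
    excess = acct.direct_permissions - entitled_permissions(acct.roles)
    if excess:
        findings.append(("excess_privilege", sorted(excess)))

    # Separation of duties: holding both roles of a toxic pair is a conflict.
    for first, second in TOXIC_ROLE_PAIRS:
        if first in acct.roles and second in acct.roles:
            findings.append(("sod_conflict", [first, second]))

    # Lifecycle: a terminated employee must not retain an active account.
    if acct.active and not acct.employed:
        findings.append(("orphaned_account", []))

    return findings


def review_all(accounts):
    """Map user -> findings for every account that has at least one finding."""
    report = {}
    for acct in accounts:
        findings = review_account(acct)
        if findings:
            report[acct.user] = findings
    return report


# Constructed sample accounts exercising each check once.
SAMPLE_ACCOUNTS = [
    Account("alice", {"ap_clerk"}, {"vendor.create", "invoice.enter"}, True, True),
    Account("bob", {"ap_clerk", "ap_approver"},
            {"vendor.create", "invoice.enter", "invoice.approve", "payment.release"},
            True, True),
    Account("carol", {"helpdesk"},
            {"password.reset", "ticket.read", "payment.release"}, True, True),
    Account("dave", {"auditor"}, {"ledger.read"}, True, False),
]


if __name__ == "__main__":
    for user, findings in review_all(SAMPLE_ACCOUNTS).items():
        for kind, details in findings:
            print(f"{user}: {kind} {details}")
```

In this sample, alice is clean, bob is a separation-of-duties conflict, carol carries a payment permission her helpdesk role does not entitle her to, and dave's account is still active after termination. In practice the role table and the roster flag would come from the identity system and HR feed rather than being hard-coded, and each finding would become a ticket to revoke or re-approve the access.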
You can sign up for Mike's free study group at certmike.com, and find his study guides at the Sybex test prep site. To review the complete CISSP Body of Knowledge, visit https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A complete learning path will be available once all the courses are released.
- Identity and access management overview
- Identification mechanisms: user names, access cards, biometrics, and registration
- Authentication factors
- Password authentication protocols
- Identity as a service (IDaaS)
- Enforcing accountability
- Managing credentials with policies
- Using access control lists
- Defending against access control attacks