CISSP Official Study Guide, Eighth Edition
Mike Chapple, James Michael Stewart, Darril Gibson, CISSP Official Study Guide, Sybex (2018)

Account Management
Account management reviews ensure that users retain only the permissions they are authorized to have and that unauthorized modifications have not occurred. The reviews may be a function of information security management personnel or of internal auditors.
One way to perform an account management review is a full review of every account. Because of the time this consumes, a full review is typically done only for highly privileged accounts. The exact process varies from organization to organization, but here is one example:
1. Managers ask system administrators to provide a list of users with privileged access and the privileged access rights each of them holds. Managers may watch the administrators retrieve this list so that it cannot be tampered with.
2. Managers ask the privilege approval authority to provide a list of the users who are authorized to hold privileges and the privileges each should be assigned.
3. The managers then compare the two lists to ensure that only authorized users retain access to the system and that no user's access exceeds their authorization.
This process may include many other checks, such as verifying that terminated users do not retain access to the system, or checking the paper trail for specific accounts. Organizations that lack the time for this thorough process may use sampling instead. In this approach, managers pull a random sample of accounts and fully verify the process used to grant permissions for those accounts. If no significant flaws are found in the sample, they assume that the sample is representative of the entire population.
Sampling only works if it is random! Don’t allow system administrators 
to generate the sample or use nonrandom criteria to select accounts for 
review, or you may miss entire categories of users where errors may exist.
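The three-step comparison above and the sampling approach, as an added example in Python that is not from the study guide: it reconciles a constructed, hypothetical export of provisioned privileged accounts (step 1) against the approval authority's list (step 2), reports the discrepancies that step 3 and the terminated-user check look for, and draws the accounts for a sampled review from the operating system's random source rather than letting whoever produced the export choose them. All user names, privilege names, and the `reconcile`/`draw_sample` helpers are assumptions made for this example.

```python
"""Privileged-account review: reconcile what is provisioned against what was approved.

Added example, not code from the study guide. The two inputs are the lists the
review procedure collects: the administrators' export of who actually holds
privileged access, and the approval authority's record of who should.
"""
import random
from dataclasses import dataclass, field

# Constructed sample data: hypothetical users and privilege names.
# Step 1: what the system administrators report is actually provisioned.
PROVISIONED = {
    "alice":   {"domain_admin", "backup_operator"},
    "bob":     {"backup_operator"},
    "carol":   {"domain_admin", "sql_sysadmin"},  # sql_sysadmin was never approved
    "dave":    {"domain_admin"},                  # dave has left the organization
    "mallory": {"backup_operator"},               # no approval on record at all
}
# Step 2: what the privilege approval authority says was authorized.
AUTHORIZED = {
    "alice": {"domain_admin", "backup_operator"},
    "bob":   {"backup_operator"},
    "carol": {"domain_admin"},
    "dave":  {"domain_admin"},
    "erin":  {"sql_sysadmin"},                    # approved but not provisioned
}
# HR's list of terminated users, for the additional check the text mentions.
TERMINATED = {"dave"}


@dataclass
class Findings:
    unauthorized_accounts: set = field(default_factory=set)  # privileged, no approval
    excess_privileges: dict = field(default_factory=dict)    # user -> privileges beyond approval
    terminated_with_access: set = field(default_factory=set)
    approved_not_provisioned: set = field(default_factory=set)  # stale approvals, not a security finding

    def is_clean(self):
        """True when no user holds access that was not approved for them."""
        return not (self.unauthorized_accounts
                    or self.excess_privileges
                    or self.terminated_with_access)


def reconcile(provisioned, authorized, terminated):
    """Step 3: compare the administrators' list against the approval authority's list."""
    findings = Findings()
    for user, privileges in provisioned.items():
        if user in terminated:
            findings.terminated_with_access.add(user)
        if user not in authorized:
            # Holds privileged access with no approval record at all.
            findings.unauthorized_accounts.add(user)
            continue
        extra = privileges - authorized[user]
        if extra:
            # Approved for some privileges, but provisioned with more than approved.
            findings.excess_privileges[user] = extra
    findings.approved_not_provisioned = set(authorized) - set(provisioned)
    return findings


def draw_sample(accounts, size, rng=None):
    """Pick the accounts for a sampled review.

    The reviewer, not the administrator who produced the export, supplies the
    randomness. SystemRandom draws from the OS entropy source, so the sample
    cannot be reproduced or steered by picking a seed.
    """
    rng = rng or random.SystemRandom()
    population = sorted(accounts)           # stable order; the draw itself is random
    return rng.sample(population, min(size, len(population)))


if __name__ == "__main__":
    result = reconcile(PROVISIONED, AUTHORIZED, TERMINATED)
    print("unauthorized accounts:   ", sorted(result.unauthorized_accounts))
    print("excess privileges:       ", result.excess_privileges)
    print("terminated with access:  ", sorted(result.terminated_with_access))
    print("approved, not provisioned:", sorted(result.approved_not_provisioned))
    print("accounts drawn for sampled review:", draw_sample(PROVISIONED, 3))
```

Scripting the comparison does not remove the tampering concern in step 1: the export fed to `reconcile` still has to be pulled from the system under observation, or by the reviewer directly, and every finding the script prints is an exception for a person to resolve, not a verdict. On the constructed data the run reports mallory as unauthorized, carol as exceeding her approval, dave as terminated but still privileged, and erin as approved but never provisioned.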
Organizations may also automate portions of their account review process. Many identity and access management (IAM) vendors provide account review workflows that prompt administrators to conduct reviews, maintain documentation for user accounts, and provide an audit trail demonstrating that the reviews were completed.