(ISC)² CISSP® Official Study Guide, Eighth Edition


Chapter 17  ■ Preventing and Responding to Incidents User Entitlement Audits



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

User Entitlement Audits 
User entitlement refers to the privileges granted to users. Users need rights and permissions 
(privileges) to perform their job, but they only need a limited number of privileges. In the 
context of user entitlement, the principle of least privilege ensures that users have only the 
privileges they need to perform their job and no more. 
Although access controls attempt to enforce the principle of least privilege, there 
are times when users are granted excessive privileges. User entitlement reviews can 
discover when users have excessive privileges, which violate security policies related 
to user entitlement.
Audits of Privileged Groups 
Many organizations use groups as part of a Role Based Access Control model. It’s important 
to limit the membership of groups that have a high level of privileges, such as 
administrator groups. It’s also important to make sure group members are using their 
high-privilege accounts only when necessary. Audits can help determine whether personnel 
are following these policies. 
Access review audits, user entitlement audits, and audits of privileged 
groups can be performed manually or automatically. Many identity and 
access management (IAM) systems include the ability to perform these 
audits using automation techniques.
High-Level Administrator Groups 
Many operating systems have privileged groups such as an Administrators group. The 
Administrators group is typically granted full privileges on a system, and when a user 
account is placed in the Administrators group, the user has these privileges. With this in 
mind, a user entitlement review will often review membership in any privileged groups, 
including the different administrator groups. 
Some groups have such high privileges that even in organizations with tens of thousands 
of users, their membership is limited to a very few people. For example, Microsoft domains 
include a group known as the Enterprise Admins group. Users in this group can do 
anything on any domain within a Microsoft forest (a group of related domains). This group 
has so much power that membership is often restricted to only two or three high-level 
administrators. Monitoring and auditing membership in this group can uncover 
unauthorized individuals added to the group. 
It is possible to use automated methods to monitor membership in privileged accounts 
so that attempts to add unauthorized users automatically fail. Audit logs will also record 
this action, and an entitlement review can check for these events. Auditors can examine the 
audit trail to determine who attempted to add the unauthorized account. 
Personnel can also create additional groups with elevated privileges. For example, 
administrators might create an ITAdmins group for some users in the IT department. 
They would grant the group appropriate privileges based on the job requirements of these 
administrators, and place the accounts of the IT department administrators into the 
ITAdmins group. Only administrators from the IT department should be in the group, and 
a user entitlement audit can verify that users in other departments are not in the group. 
This is one way to detect creeping privileges. 
A user entitlement audit can also detect whether processes are in place to 
remove privileges when users no longer need them and if personnel are 
following these processes. For example, if an administrator transferred to 
the Sales department of an organization, this administrator should no 
longer have administrative privileges.
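
The privileged-group checks described above (a tightly limited Enterprise Admins membership, an ITAdmins group restricted to the IT department, and privileges that should be removed after a transfer) can be automated against exported data. The following is an added example, not part of the book; the account names, HR records and policy structure are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: an HR export and a group-membership export.
HR = {
    "alice": {"dept": "IT", "active": True},
    "bob": {"dept": "IT", "active": True},
    "carol": {"dept": "Sales", "active": True},   # transferred from IT to Sales
    "dave": {"dept": "IT", "active": False},      # no longer with the organization
    "erin": {"dept": "IT", "active": True},
}
MEMBERS = {
    "Enterprise Admins": ["alice", "bob", "erin", "mallory"],
    "ITAdmins": ["alice", "bob", "carol", "dave"],
}
# Hypothetical policy: an approved list and size limit, or allowed departments.
POLICY = {
    "Enterprise Admins": {"approved": {"alice", "bob"}, "max_members": 3},
    "ITAdmins": {"departments": {"IT"}},
}

@dataclass(frozen=True)
class Finding:
    group: str
    user: str
    reason: str

def audit(members, hr, policy):
    """Compare actual group membership with policy and return every violation."""
    findings = []
    for group, rule in policy.items():
        users = members.get(group, [])
        limit = rule.get("max_members")
        if limit is not None and len(users) > limit:
            findings.append(Finding(group, "*", f"{len(users)} members exceeds limit of {limit}"))
        for user in users:
            record = hr.get(user)
            if record is None:
                findings.append(Finding(group, user, "no HR record"))
            elif not record["active"]:
                findings.append(Finding(group, user, "account owner is inactive"))
            elif "approved" in rule and user not in rule["approved"]:
                findings.append(Finding(group, user, "not on approved list"))
            elif "departments" in rule and record["dept"] not in rule["departments"]:
                findings.append(Finding(group, user, f"department {record['dept']} not allowed"))
    return findings

if __name__ == "__main__":
    for f in audit(MEMBERS, HR, POLICY):
        print(f"{f.group}: {f.user}: {f.reason}")
```

Run on a schedule against fresh exports, each finding becomes an item for the entitlement review: the Sales transfer still in ITAdmins is the creeping-privilege case, and the unknown account in Enterprise Admins is the unauthorized addition.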
