2 cissp ® Official Study Guide Eighth Edition


Dual Administrator Accounts



Download 19,3 Mb.
Pdf ko'rish
bet736/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   732   733   734   735   736   737   738   739   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Dual Administrator Accounts 
Many organizations require administrators to maintain two accounts. They use one 
account for regular day-to-day use. A second account has additional privileges and 
they use it for administrative work. This reduces the risk associated with this privileged 
account. 
For example, if malware infects a system while a user is logged on, the malware can 
often assume the privileges of the user’s account. If the user is logged on with a privileged 
account, the malware starts with these elevated privileges. However, if an administra-
tor uses the administrator account only 10 percent of the time to perform administra-
tive actions, this reduces the potential risk of an infection occurring at the same time the 
administrator is logged on with an administrator account. 
Auditing can verify that administrators are using the privileged account appropriately. 
For example, an organization may estimate that administrators will need to use a privileged 
account only about 10 percent of the time during a typical day and should use their regular 
account the rest of the time. An analysis of logs can show whether this is an accurate esti-
mate and whether administrators are following the rule. If an administrator is constantly 
using the administrator account and rarely using the regular user account, an audit can fl ag 
this as an obvious policy violation.
Security Audits and Reviews 
Security audits and reviews help ensure that an organization has implemented security 
controls properly. Access review audits (presented earlier in this chapter) assess the effec-
tiveness of access controls. These reviews ensure that accounts are managed appropriately, 
don’t have excessive privileges, and are disabled or deleted when required. In the context of 
the Security Operations domain, security audits help ensure that management controls are 
in place. The following list includes some common items to check: 

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   732   733   734   735   736   737   738   739   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish