2 cissp ® Official Study Guide Eighth Edition

384
Chapter 9 
■
Security Vulnerabilities, Threats, and Countermeasures
Separation of Privilege
The principle of 
separation of privilege
builds on the principle of least privilege. It requires 
the use of granular access permissions; that is, different permissions for each type of 
privileged operation. This allows designers to assign some processes rights to perform 
certain supervisory functions without granting them unrestricted access to the system. It 
also allows individual requests for services or access to resources to be inspected, checked 
against access controls, and granted or denied based on the identity of the user making the 
requests or on the basis of groups to which the user belongs or security roles that the user 
occupies.
Think of separation of duties as the application of the principle of least privilege to 
administrators. In most moderate to large organizations, there are many administrators, 
each with different assigned tasks. Thus, there are usually few or no individual administra-
tors with complete and total need for access across the entire environment or infrastruc-
ture. For example, a user administrator has no need for privileges that enable reconfiguring 
network routing, formatting storage devices, or performing backup functions.
Separation of duties is also a tool used to prevent conflicts of interest in the assignment 
of access privileges and work tasks. For example, those persons responsible for program-
ming code should not be tasked to test and implement that code. Likewise, those who work 
in accounts payable should not also have accounts receivable responsibilities. There are 
many such job or task conflicts that can be securely managed through the proper imple-
mentation of separation of duties.

Download 19,3 Mb.

Do'stlaringiz bilan baham: