CHAPTER SUMMARY

This chapter examined the risk associated with the User domain, one of the seven domains of an IT infrastructure. As the number of users grows on the network, their diverse needs also grow. Security policies are a structured way of managing the user-related risks in this complex environment. The chapter reviewed the many different types of users and discussed unique roles such as administrator, security, and auditor. With these roles often come elevated privilege and enormous responsibilities.

Security policies are an effective way to reduce risks and govern users. They help identify higher-risk activities, such as those performed by systems administrators. The policies are based on principles that help apply security consistently. These principles include core concepts such as least access privileges and best fit access privileges. The principles lay out risk choices and must strike a balance between the cost of maintaining controls and the risks those controls address. In the end, security policies can educate users, reduce human error, and help in understanding how incidents occurred.

KEY CONCEPTS AND TERMS

CHAPTER 9 ASSESSMENT

  1. Pretexting is what happens when a hacker breaks into a firewall.
    A. True
    B. False
  2. You can use a(n) _______ process to grant temporary elevated rights.
  3. Security awareness is required by which of the following?
    A. Law
    B. Customers
    C. Shareholders
    D. All of the above
  4. A(n) _______ looks at risk and issues an independent opinion.
  5. A privileged-level access agreement (PAA) prevents an administrator from abusing elevated rights.
    A. True
    B. False
  6. Which of the following does an acceptable use policy relate to?
    A. Server-to-server communication
    B. Users accessing the Internet
    C. Encryption when transmitting files
    D. A and B
  7. A(n) _______ has inside information on how an organization operates.
  8. Social engineering occurs when a hacker posts his or her victories on a social website.
    A. True
    B. False
  9. In large organizations, all administrators typically have the same level of authority.
    A. True
    B. False
  10. A CISO must _______ risks if the business unit is not responsive.
  11. What is the difference between least access privileges and best fit access privileges?
    A. Least access privileges customize access to an individual.
    B. Best fit privileges customize access to a group based on risk.
    C. There is no difference.
    D. A and B
  12. System accounts are also referred to as _______ accounts.
  13. An interactive service account typically does not have a password.
    A. True
    B. False