Module Six

Assign different tasks to different personnel
- No single person can completely compromise a system
- Related to the concept of least privilege: the least privileges required to do one's job
- Secure Systems: System Administrator and Security Administrator must be different roles.
- Highly Secure Systems: System Administrator, Security Administrator, and Enhanced Operator must be different roles.
- If the same person holds more than one role, the roles must be controlled and audited.

System Admin – Enhanced Operator Functions
- Installing software
- Start up and shut down of system
- Adding and removing users
- Performing back up and recovery
- Handling printers and queues

Security Administrator Functions
- Setting user clearances, initial passwords and other security characteristics for new users
- Changing security profiles for users
- Setting file sensitivity labels
- Setting security of devices
- Renewing audit data
- B2 security level requires that systems must support separate operator and system administrator roles.
- B3 and A1: systems must clearly identify the functions of the security administrator to perform the security-related functions.

Rotation of duties
- Limiting the length of time a person performs duties before being moved

Trusted Recovery - Required for B3 and A1 levels
- Ensures security is not breached when a system crashes or fails
- System must be restarted without compromising security
- Two primary activities
  - Failure Preparation
    - Backups on a regular basis
  - System Recovery
    - Rebooting in single user mode: no other users allowed on the system
    - Recovering all file systems
    - Restoring files
    - Recovering security
    - Checking security critical files
Three hierarchical recovery types:
- Manual Recovery: Sys Admin must be involved
- Automated Recovery: no intervention for single failure
- Automated Recovery without Undue Loss: similar to Automated Recovery, higher level of recovery, no undue loss of protected object

Configuration Change Management - Required B2, B3 and A1
- Process of tracking and approving changes
- Identify, control and audit changes
- Changes to the system must not diminish security
- Includes roll back procedures
- Documentation updates to reflect changes
- Recommended for systems below the required B2, B3 and A1
- Change Control Functions:
  - Orderly manner and formalized testing
  - Users informed of changes
  - Analyze effects of changes
  - Reduce negative impact of changes
- Configuration Management required for Development and Implementation stages for B2 and B3
- Configuration Management required for life cycle of system for A1

Administrative Controls
- HR and personnel controls
- Personnel Security
  - Employment screening
  - Mandatory Vacation
  - Warnings and Termination for violating security policy
- Separation of Duties
- Least Privileges
- Need to Know
- Change Control / Configuration Control
- Record Retention and Documentation

Least privilege
- No access beyond job requirements
- Group level privileges for Operators
  - Read Only
  - Read/Write - usually copies of original data
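
The role-separation and least-privilege rules in these notes can be checked mechanically against an account inventory. The following is an added example, not part of the original notes: the role and function identifiers, the rule that a function may only be granted to a holder of its listed role, and the sample users are all assumptions made for illustration.

```python
from itertools import combinations

# Roles that must belong to different people at each level (from the notes).
DISTINCT_ROLES = {
    "secure": ("system_admin", "security_admin"),
    "highly_secure": ("system_admin", "security_admin", "enhanced_operator"),
}
# Functions listed in the notes, mapped to the roles allowed to perform them.
# The notes list system admin and enhanced operator functions under one
# heading, so both roles are accepted for those (assumption).
OPS = frozenset({"system_admin", "enhanced_operator"})
SEC = frozenset({"security_admin"})
FUNCTION_ROLES = {
    "install_software": OPS, "startup_shutdown": OPS, "add_remove_users": OPS,
    "backup_recovery": OPS, "printers_queues": OPS,
    "set_user_clearances": SEC, "change_security_profiles": SEC,
    "set_file_sensitivity_labels": SEC, "set_device_security": SEC,
    "renew_audit_data": SEC,
}

def audit(users, level):
    """Return sorted (user, finding, detail) tuples for one assurance level."""
    findings = []
    for name, rec in users.items():
        held = set(rec["roles"])
        # Separation of duties: no person holds two roles that must be distinct.
        for a, b in combinations(DISTINCT_ROLES[level], 2):
            if a in held and b in held:
                findings.append((name, "role_conflict", f"{a}+{b}"))
        # Least privilege: every granted function must belong to a held role.
        for fn in rec["functions"]:
            if not (FUNCTION_ROLES[fn] & held):
                findings.append((name, "excess_function", fn))
    return sorted(findings)

# Constructed sample assignments (not from the notes).
USERS = {
    "alice": {"roles": ["system_admin"], "functions": ["install_software", "backup_recovery"]},
    "bob": {"roles": ["security_admin"], "functions": ["set_user_clearances", "add_remove_users"]},
    "carol": {"roles": ["system_admin", "enhanced_operator"], "functions": ["startup_shutdown"]},
    "dave": {"roles": ["system_admin", "security_admin"], "functions": ["renew_audit_data"]},
}

if __name__ == "__main__":
    for level in DISTINCT_ROLES:
        print(level, audit(USERS, level))
```

Each finding identifies an account whose combined roles or extra functions must be split up or, where one person has to hold them, controlled and audited.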