Page 1128 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1128

when administrators create user accounts, they ensure that the
               accounts are provisioned with the appropriate amount of resources,

               and this includes privileges. Proper user provisioning processes follow
               the principle of least privilege.

               Aggregation In the context of least privilege, aggregation refers to
               the amount of privileges that users collect over time. For example, if a
               user moves from one department to another while working for an
               organization, this user can end up with privileges from each

               department. To avoid access aggregation problems such as this,
               administrators should revoke privileges when users move to a
               different department and no longer need the previously assigned
               privileges.

               Transitive Trust A trust relationship between two security domains
               allows subjects in one domain (named primary) to access objects in
               the other domain (named training). Imagine the training domain has

               a child domain named training.cissp. A transitive trust extends the
               trust relationship to the child domain. In other words, users in the
               primary domain can access objects in the training domain and in the
               training.cissp child domain. If the trust relationship is nontransitive,
               users in the primary domain cannot access objects in the child
               domain. Within the context of least privilege, it’s important to
               examine these trust relationships, especially when creating them

               between different organizations. A nontransitive trust enforces the
               principle of least privilege and grants the trust to a single domain at a
               time.


               Separation of Duties and Responsibilities

               Separation of duties and responsibilities ensures that no single person
               has total control over a critical function or system. This is necessary to

               ensure that no single person can compromise the system or its
               security. Instead, two or more people must conspire or collude against
               the organization, which increases the risk for these people.

               A separation of duties policy creates a checks-and-balances system
               where two or more users verify each other’s actions and must work in
               concert to accomplish necessary work tasks. This makes it more
   1123   1124   1125   1126   1127   1128   1129   1130   1131   1132   1133