Page 1134 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

altering the configuration of a firewall, and accessing system log and audit files. Using common security practices, such as the principle of least privilege, ensures that only a limited number of people have these special privileges. Monitoring ensures that users granted these privileges do not abuse them.

Accounts granted elevated privileges are often referred to as privileged entities that have access to special, higher-order capabilities inaccessible to normal users. If misused, these elevated rights and permissions can result in significant harm to the confidentiality, integrity, or availability of an organization’s assets. Because of this, it’s important to monitor privileged entities and their access.

In most cases, these elevated privileges are restricted to administrators and certain system operators. In this context, a system operator is a user who needs additional privileges to perform specific job functions. Regular users (or regular system operators) only need the most basic privileges to perform their jobs.



The task of monitoring special privileges is used in conjunction with other basic principles, such as least privilege and separation of duties and responsibilities. In other words, principles such as least privilege and separation of duties help prevent security policy violations, and monitoring helps to deter and detect any violations that occur despite the use of preventive controls.



Employees filling these privileged roles are usually trusted employees. However, there are many reasons why an employee can change from a trusted employee to a disgruntled employee or malicious insider. Reasons that can change a trusted employee’s behavior can be as simple as a lower-than-expected bonus, a negative performance review, or just a personal grudge against another employee. However, by monitoring usage of special privileges, an organization can deter an employee from misusing the privileges and detect the action if a trusted employee does misuse them.
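
The following is an added example, not taken from the study guide, of how such monitoring can work in practice: every use of a special privilege is recorded, and any use by an account without a matching grant is raised for follow-up. The log format, account names, action names, and the roster of grants are all constructed for illustration.

```python
from collections import namedtuple

Event = namedtuple("Event", "time user action target")

# Operations treated here as needing special privileges (assumption).
PRIVILEGED_ACTIONS = {"firewall_config_change", "audit_log_access"}

# Hypothetical roster: privileged entity -> actions it has been granted.
GRANTS = {
    "alice_admin": {"firewall_config_change"},
    "bob_auditor": {"audit_log_access"},
}

# Constructed sample log, one event per line: time|user|action|target
SAMPLE_LOG = """\
2024-05-01T09:00:12|alice_admin|firewall_config_change|fw01
2024-05-01T09:05:40|carol|file_read|/home/carol/report.txt
2024-05-01T09:07:03|carol|audit_log_access|/var/log/audit/audit.log
2024-05-01T09:30:55|alice_admin|audit_log_access|/var/log/audit/audit.log
2024-05-01T10:02:19|bob_auditor|audit_log_access|/var/log/audit/audit.log
"""

def parse(log_text):
    """Turn pipe-delimited lines into Event records, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        fields = line.strip().split("|")
        if len(fields) == 4:
            events.append(Event(*fields))
    return events

def review(events, grants=GRANTS):
    """Return (all privileged events, findings needing follow-up)."""
    privileged_use, findings = [], []
    for ev in events:
        if ev.action not in PRIVILEGED_ACTIONS:
            continue
        privileged_use.append(ev)  # every privileged use goes on record
        granted = grants.get(ev.user)
        if granted is None:
            findings.append((ev, "account is not a privileged entity"))
        elif ev.action not in granted:
            findings.append((ev, "action outside the account's grants"))
    return privileged_use, findings

if __name__ == "__main__":
    used, flagged = review(parse(SAMPLE_LOG))
    for ev, reason in flagged:
        print(f"{ev.time} {ev.user} {ev.action} {ev.target}: {reason}")
```

Authorized uses stay in the record as well as the flagged ones, since the monitoring described above is meant to deter and detect misuse by accounts that do hold the privilege.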

In general, any type of administrator account has elevated privileges