Page 649 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
elevate such programs or processes to supervisory mode altogether.


Separation of Privilege

The principle of separation of privilege builds on the principle of least privilege. It requires the use of granular access permissions; that is, different permissions for each type of privileged operation. This allows designers to assign some processes rights to perform certain supervisory functions without granting them unrestricted access to the system. It also allows individual requests for services or access to resources to be inspected, checked against access controls, and granted or denied based on the identity of the user making the requests or on the basis of groups to which the user belongs or security roles that the user occupies.

Think of separation of duties as the application of the principle of least privilege to administrators. In most moderate to large organizations, there are many administrators, each with different assigned tasks. Thus, there are usually few or no individual administrators with complete and total need for access across the entire environment or infrastructure. For example, a user administrator has no need for privileges that enable reconfiguring network routing, formatting storage devices, or performing backup functions.

Separation of duties is also a tool used to prevent conflicts of interest in the assignment of access privileges and work tasks. For example, those persons responsible for programming code should not be tasked to test and implement that code. Likewise, those who work in accounts payable should not also have accounts receivable responsibilities. There are many such job or task conflicts that can be securely managed through the proper implementation of separation of duties.
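The two ideas above, granular per-operation privileges decided on identity, groups and roles, and separation of duties enforced as forbidden role combinations, can be modelled in a small authorization check. This is an added illustration, not code from the study guide; every role, privilege and group name in it is invented for the example.

```python
from dataclasses import dataclass, field

# Constructed toy model (not from the book): one granular privilege per type
# of privileged operation, roles that bundle them, and separation-of-duties
# (SoD) constraints. All role and privilege names are illustrative.
ROLE_PRIVILEGES = {
    "user_admin": {"account.create", "account.disable", "password.reset"},
    "network_admin": {"routing.reconfigure"},
    "storage_admin": {"storage.format"},
    "backup_operator": {"backup.run", "backup.restore"},
    "developer": {"code.commit"},
    "tester": {"code.test", "code.deploy"},
    "accounts_payable": {"invoice.pay"},
    "accounts_receivable": {"invoice.collect"},
}
# Role pairs one person must never hold at once: the programming/testing and
# AP/AR conflicts described in the text.
SOD_CONFLICTS = [
    frozenset({"developer", "tester"}),
    frozenset({"accounts_payable", "accounts_receivable"}),
]
# Group membership also confers roles, so a request can be decided on groups.
GROUP_ROLES = {"helpdesk": {"user_admin"}, "finance_ap": {"accounts_payable"}}

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    groups: set = field(default_factory=set)

def effective_roles(user: User) -> set:
    """Roles held directly plus roles inherited from group membership."""
    roles = set(user.roles)
    for group in user.groups:
        roles |= GROUP_ROLES.get(group, set())
    return roles

def sod_violations(user: User) -> list:
    """Conflicting role pairs the user holds; an empty list means compliant."""
    roles = effective_roles(user)
    return [sorted(pair) for pair in SOD_CONFLICTS if pair <= roles]

def authorize(user: User, privilege: str) -> bool:
    """Grant only if an effective role carries exactly this privilege and the
    user's combined roles have no SoD conflict (fail closed otherwise)."""
    if sod_violations(user):
        return False
    return any(privilege in ROLE_PRIVILEGES.get(r, set()) for r in effective_roles(user))
```

Note that a user administrator inherited through the helpdesk group can reset passwords but is refused routing changes, and a person holding both developer and tester roles is denied everything until the toxic combination is removed.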


Accountability

Accountability is an essential component in any security design. Many high-security systems contain physical devices (such as paper-and-pen visitor logs and nonmodifiable audit trails) that enforce individual accountability for privileged functionality. In general, however, such capabilities rely on a system's ability to monitor activity on and interactions with a system's resources and configuration data and to