5.10 Summary (Page 4 of 5)

Privilege Management

You also explored facets of privilege management, which controls how privileges are assigned, managed and enforced on your network. One area you looked at was user/group/role management, in which you are concerned with grouping user accounts into collections in order to make it easier to manage the privileges granted to each; many times, users are grouped by role (job assignment, such as HR clerk, Comptroller, A/R data entry clerk, etc.). You also learned about single sign-on, a technical feature that enables a user to authenticate to the network only once; as long as that session is open, authorization for access to any related system or application is performed based on the original credentials that have already been provided. Privilege management may occur in a centralized (the data center handles all of it) or decentralized (responsibility is delegated) manner. Auditing is used to track user activities and verify that proper security policies and procedures are in place and being followed; a user ID is a useful unique identifier for auditing. You revisited the MAC/DAC/RBAC access control models.

You then explored computer forensics, the application of investigation and analysis techniques that comply with a legal system. When performing computer forensics, be careful not to interfere with the chain of custody, which is the record of who had possession of each piece of evidence, for how long and under what security conditions (important because lack of chain-of-custody proof can result in evidence being declared inadmissible). Also, take care to ensure the preservation of evidence (do not alter evidence in any way, as tampering could also render it inadmissible). Lastly, you looked at guidelines for evidence collection, which specify the types of evidence to gather (logs, lists of running processes and logged-on users, pictures of the scene, etc.).

Next, you learned about Risk Identification.
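The chain-of-custody and preservation points above can be made concrete with a small custody record. The following is an added example, not part of the CertiGuide text: each item is hashed at collection time, every handover records the receiving custodian, the time, the storage conditions and the hash the receiver computed, and a transfer is refused when the hash no longer matches, which is exactly the tampering case that would make the evidence inadmissible. The item IDs, custodian names, timestamps and the auth.log lines are all constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List


def sha256_hex(data: bytes) -> str:
    """Content hash used to show the evidence is byte-for-byte unchanged."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    custodian: str        # who took possession (a unique user ID, as the summary suggests for auditing)
    received_at: str      # ISO-8601 timestamp of the handover
    storage: str          # security conditions while held (evidence safe, lab locker, ...)
    hash_at_receipt: str  # hash the receiver computed when accepting the item


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    original_hash: str
    custody: List[CustodyEntry] = field(default_factory=list)


def collect_evidence(item_id: str, description: str, collector: str,
                     data: bytes, when: str, storage: str) -> EvidenceItem:
    """Start the chain: hash the item at collection and record the first custodian."""
    h = sha256_hex(data)
    item = EvidenceItem(item_id, description, h)
    item.custody.append(CustodyEntry(collector, when, storage, h))
    return item


def transfer_custody(item: EvidenceItem, new_custodian: str,
                     data: bytes, when: str, storage: str) -> None:
    """Hand the item to a new custodian. The receiver re-hashes the bytes before
    accepting; a mismatch means the evidence changed while in the previous
    custodian's hands, so the transfer is refused rather than silently logged."""
    h = sha256_hex(data)
    if h != item.original_hash:
        raise ValueError(
            f"{item.item_id}: hash mismatch on transfer to {new_custodian} "
            f"(expected {item.original_hash[:12]}..., got {h[:12]}...)")
    item.custody.append(CustodyEntry(new_custodian, when, storage, h))


def custody_is_intact(item: EvidenceItem) -> bool:
    """True when every custodian recorded the same hash as the original collection."""
    return bool(item.custody) and all(
        e.hash_at_receipt == item.original_hash for e in item.custody)


def custodians(item: EvidenceItem) -> List[str]:
    """The ordered list of who held the item, i.e. the chain itself."""
    return [e.custodian for e in item.custody]


# Constructed sample evidence: two auth.log lines (not real data).
AUTH_LOG = (
    b"Mar 14 02:11:07 srv01 sshd[4412]: Accepted password for admin from 10.0.0.9\n"
    b"Mar 14 02:11:09 srv01 sudo: admin : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow\n"
)


def demo_clean_chain() -> EvidenceItem:
    """Collect, then hand over an unmodified copy: both entries carry the same hash."""
    item = collect_evidence("E-0001", "auth.log from srv01", "analyst_jdoe",
                            AUTH_LOG, "2024-03-14T09:00:00Z", "evidence safe A")
    transfer_custody(item, "analyst_rlee", AUTH_LOG,
                     "2024-03-14T13:30:00Z", "forensic lab locker 3")
    return item


def demo_tampered_copy() -> bool:
    """Return True if the chain refuses a copy whose contents were altered."""
    item = collect_evidence("E-0002", "auth.log from srv01", "analyst_jdoe",
                            AUTH_LOG, "2024-03-14T09:00:00Z", "evidence safe A")
    altered = AUTH_LOG.replace(b"admin", b"guest")  # simulated tampering
    try:
        transfer_custody(item, "analyst_rlee", altered,
                         "2024-03-14T13:30:00Z", "forensic lab locker 3")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    chain = demo_clean_chain()
    print("custodians:", custodians(chain), "intact:", custody_is_intact(chain))
    print("tampered copy refused:", demo_tampered_copy())
```

The hash is recomputed by the receiver, never copied from the previous entry, so a gap in the record or an altered copy shows up at the handover where it happened rather than only at trial.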
Before analyzing risk, you need to know what assets you have to lose (including both physical assets like expensive servers and intangible assets like company reputation). Risk assessment involves discovering the potential losses due to risks, so the organization can take steps to ensure it is adequately protected. You need to be aware of threats (a combination of capability, opportunity and intent to do harm) and vulnerabilities (weaknesses in computer hardware/software that can be taken advantage of) when computing risk, as expressed in the following formula:

Risk = vulnerabilities X threats X costs

When determining risk, you look at the cost of a particular event and the probability of it occurring to determine the risk faced
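The formula above is easiest to see applied to a small risk register that includes both a physical and an intangible asset, as the text recommends. This is an added example, not from the CertiGuide material: vulnerability and threat are expressed as likelihoods between 0 and 1, cost is the loss if the event occurs, and the register is ranked so the highest expected loss comes first. The asset names and all the numbers are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class RiskEntry:
    asset: str
    vulnerability: float  # 0.0-1.0: how exploitable the weakness is
    threat: float         # 0.0-1.0: likelihood an actor with capability, opportunity and intent acts
    cost: float           # loss if the event happens; intangible assets get an estimate too


def validate(entry: RiskEntry) -> None:
    """Reject likelihoods outside [0, 1] and negative costs before they distort the ranking."""
    for name in ("vulnerability", "threat"):
        value = getattr(entry, name)
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{entry.asset}: {name} must be between 0 and 1, got {value}")
    if entry.cost < 0:
        raise ValueError(f"{entry.asset}: cost must be non-negative, got {entry.cost}")


def risk_score(entry: RiskEntry) -> float:
    """Risk = vulnerabilities x threats x costs, the formula given in the summary."""
    validate(entry)
    return entry.vulnerability * entry.threat * entry.cost


def rank_risks(register: List[RiskEntry]) -> List[Tuple[str, float]]:
    """Highest expected loss first, so protective spending goes where it matters most."""
    scored = [(entry.asset, risk_score(entry)) for entry in register]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed register (values are illustrative, not measurements).
REGISTER = [
    RiskEntry("Customer database server", vulnerability=0.6, threat=0.5, cost=500_000),
    RiskEntry("Public web site (defacement)", vulnerability=0.8, threat=0.7, cost=20_000),
    RiskEntry("Company reputation (breach disclosure)", vulnerability=0.3, threat=0.4, cost=1_000_000),
    RiskEntry("Offsite backup tapes", vulnerability=0.2, threat=0.1, cost=80_000),
]


def rejects_bad_likelihood() -> bool:
    """True if an entry with a threat likelihood above 1 is refused."""
    try:
        risk_score(RiskEntry("Bogus entry", vulnerability=0.5, threat=1.5, cost=100))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for asset, score in rank_risks(REGISTER):
        print(f"{score:>12,.0f}  {asset}")
    print("invalid likelihood rejected:", rejects_bad_likelihood())
```

Note how the intangible reputation entry ranks above the web site even though defacement is far more likely: the cost term carries the weight, which is why the text insists on inventorying intangible assets before assessing risk.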
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com. Version 1.0 - Version Date: November 15, 2004. Adapted with permission from a work created by Tcat Houser et al. CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site.