Digital Forensics and Incident Response | DFIR

Domain-7

6/19/2022

Managing Security Operations

The primary purpose of security operations is to secure information assets, people, and infrastructure.

# Key Concepts
Entitlement - The amount of privileges granted to a user.
Aggregation/Authorization Creep - The amount of privileges that a user collects over time. The countermeasure is a User Entitlement Review (UER).
Need to Know - Access is granted only to the data resources users need to perform their work.
Least Privilege - Users are granted only the privileges necessary to perform the assigned task. Helps to prevent violations.
Separation of Duties - Critical jobs must not be done by one person. Helps to prevent violations.
Collusion - Two people committing a crime together.
Job Rotation - Movement from one role to another.
Mandatory Vacation - Sending an employee on vacation.
Privilege Account Management 

# Managing Information Lifecycle
Create (classify the data) -> Store -> Use -> Share -> Archive -> Destroy

- Service Level Agreement (SLA) - Usually an agreement between the organization and the vendor. It covers the performance expectations and includes penalties if the parties don't meet them.
- Memorandum of Understanding - Similar to an SLA, but no financial stipulation is involved.

Preventing and responding to incidents

Disaster Recovery Planning

Investigation and Ethics*