Need to Know & The principle of least privilege are two standard IT security principles implemented in secure networks. They limit access to data and system so that users and other subjects have access only to what they require.
When these principles are not followed, security incidents result in far greater damage to an organization.
Separation of duties is a basic security principle that ensures that no single person can control all the elements of a critical function or system.
Job rotation, employees are rotated into different jobs or tasks are assigned to different employees.
Collusion is an agreement among multiple persons to perform some unauthorized or illegal actions.
Privileged entities are trusted, but they can abuse their privileges, Because of this, it’s important to monitor all assignment of privileges and the use of privileged operations.
Sensitive information is any type of classified information, and proper management helps prevent unauthorized disclousr resulting in a loss of confidentiality.
Proper management includes marking, handling, storing and destroying sensitive information. The two areas where organization often miss the mark are adequately protecting backup media holding sensitive information and sanitizing media or equipment when it is at the end of its life cycle.
record retention policies ensure that data is kept in a usable state while it is needed and destroyed when it is no longer needed. many laws and regulations mandate keeping data for a specific amount of time, but in the absence of formal regulations, organizations specify the retention period within a policy. Audit trail data needs to be kept long enough to reconstruct past incidents, but the organization must identify how far back they want to investigate. A current trend with many organization sis to reduce legal liabilities by implementing short retention policies with email.
Patch management ensures that systems are kept up-to-date with current patches. you should know that an effective patch management program will evaluate, test, approve, and deploy patches. additionally, be aware that system audits verify the deployment of approved patches to systems. Patch management is often intertwined with change and configuration management to ensure that documentation reflects the changes. when an organization does not have a patch management program it will often experience outages and incidents from known issues that could have been prevented.
Vulnerability management includes routine vulnerability scans and periodic vulnerability assessments. Vulnerability scanners are used to detect known security vulnerabilities and weaknesses such as the absence of patches or weak passwords. They are used to generate reports that indicate the technical vulnerabilities of a system and are an effective check for a patch management program. Vulnerability assessments extend beyond just technical scans and can include reviews and audits to detect vulnerabilities.
Many outages and incidents can be prevented with effective configuration and change management programs. Configuration management ensures that systems are configured similarly and the configuration of systems are known and documented. Baselining ensures that systems are deployed with a common baseline or starting point, and imaging is a common baselining method. Change management helps reduce outages or weakened security from unauthorized changes. A change management process requires changes to be requested, approved, and documented. Versioning uses a labeling or numbering system to track changes in updated versions of software.
Security audits and reviews help ensure that management programs are effective and being followed. They are commonly associated with account management practices and prevent violations with least privilege or need to know principles. However, they can also be performed to oversee patch management, vulnerability management, change management, and configuration management programs.