From the course: Cert Prep: ISC2 Certified in Cybersecurity (CC)

Account and privilege management

One of the fundamental responsibilities of information security professionals is performing account management tasks. This includes implementing job rotation schemes, mandatory vacation policies, and managing the account lifecycle. Many organizations implement job rotation schemes designed to move people around from job to job on a periodic basis. This has obvious personnel benefits by providing teams with a diverse set of experiences and allowing them to experience many different aspects of the organization's operations. It also has the added security benefit of reducing the likelihood of fraud. If you know that someone else will be looking at your work during your job rotation, you're less likely to conduct illegitimate activity that might be detected during that rotation. Mandatory vacation policies attempt to achieve the same goal by requiring that staff in key positions take a minimum number of consecutive vacation days each year and not have access to corporate systems during that time period. This enforced absence provides an opportunity for fraudulent activity to come to light when the employee doesn't have the access necessary to cover it up. Now, personally, I think mandatory vacation policies are a fantastic idea. After all, how often do you get to go on a nice long trip where you're completely disconnected from the world and say that you're doing it in the name of security?

Account management teams should also adopt a standard naming convention for accounts in their organization. This makes it easier to identify users and tie user account names to real identities. For example, many organizations choose to use a standard naming convention that takes a user's first initial and combines it with up to eight characters of their last name. If this would create a duplicate account, they then replace the last character with a unique number. Now, following that convention, my username would be mchapple, provided that there aren't any other people in the organization with my last name and first initial. If someone else already had that account name, I'd be mchapple2.

Security professionals are also responsible for managing the account and credential lifecycle. This requires a series of account maintenance activities. They administer the process of granting new users access to systems and ensuring that they have the correct entitlements corresponding to their job role; modifying those entitlements when a user changes jobs or a user's job requires new access; reviewing access on a regular basis and removing any unnecessary access, a process known as recertification; and eventually removing the access of terminated users, completing the lifecycle. The management of user accounts is a key responsibility for information security professionals.
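The naming convention described above, as an added example that is not part of the course material. It assumes the username slot is nine characters (initial plus up to eight surname characters), so for a short surname like "Chapple" the unique number fills the unused ninth position (giving mchapple2, as in the course example), while for an eight-character surname it replaces the last letter; it also assumes names are lower-cased and stripped to ASCII letters before use.

```python
import re

MAX_SURNAME_CHARS = 8                        # "up to eight characters of their last name"
MAX_USERNAME_CHARS = 1 + MAX_SURNAME_CHARS   # first initial plus the surname slot


def _normalize(name: str) -> str:
    """Lower-case and keep only ASCII letters (assumption: "O'Brien" -> "obrien")."""
    return re.sub(r"[^a-z]", "", name.lower())


def base_username(first: str, last: str) -> str:
    """First initial followed by up to eight characters of the surname."""
    first_n, last_n = _normalize(first), _normalize(last)
    if not first_n or not last_n:
        raise ValueError("first and last name must each contain at least one letter")
    return first_n[0] + last_n[:MAX_SURNAME_CHARS]


def assign_username(first: str, last: str, existing: set[str]) -> str:
    """Return a unique username and record it in `existing`.

    On a collision the trailing character(s) are replaced by a unique number
    so that the result never exceeds the nine-character slot. For a surname
    shorter than eight characters the number simply occupies the unused
    final position (assumption, consistent with "mchapple" -> "mchapple2").
    """
    base = base_username(first, last)
    candidate = base
    n = 2                                    # first duplicate gets the number 2
    while candidate in existing:
        suffix = str(n)
        keep = MAX_USERNAME_CHARS - len(suffix)
        candidate = base[:keep] + suffix     # replace the tail, keep the slot width
        n += 1
    existing.add(candidate)
    return candidate


if __name__ == "__main__":
    # Constructed sample directory, not real accounts.
    directory: set[str] = set()
    for first, last in [("Mike", "Chapple"), ("Mary", "Chapple"),
                        ("George", "Washington"), ("Grace", "Washington")]:
        print(f"{first} {last} -> {assign_username(first, last, directory)}")
```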
