Key Concepts 7.4 Apply foundational security operations concepts Flashcards
Domain 7 (13 cards)
Involves limiting access to data and systems to only individuals with a legitimate business need for that information. This may result in denying access even to some with necessary security clearance. This approach reduces risk from both external breaches and unintentional (or malicious) insider actions.
Need-to-know
Involves assigning the bare minimum permissions to accounts (user, system, or service) required to perform their functions. This approach reduces lateral movement opportunities for attackers and limits the impact of a single account’s compromise.
Least privilege
Refers to the gradual accumulation of unnecessary or excessive permissions granted to users, applications, or systems over time. This can lead to security vulnerabilities and unauthorized access.
Privilege creep
Involves dividing critical tasks or access roles to ensure one person doesn’t hold excessive control, thus requiring collusion for fraud or abuse. This approach prevents conflicts of interest, lowers financial risks, and enhances audit trails.
Segregation of Duties (SoD)
An agreement among multiple persons to perform some unauthorized or illegal actions.
Collusion (SoD helps prevent)
The use of deceitful tactics to gain unauthorized access to information systems, data, or financial resources.
Fraud (SoD helps prevent)
Involves covertly obtaining confidential information, often for political, military, or economic advantage. Generally initiated from outside an organization, but may involve a malicious insider.
Espionage (SoD helps prevent)
A deliberate act or omission that damages or disrupts a company’s operations, property, or reputation. It can be carried out by employees, competitors, or other outsiders.
Sabotage (SoD helps prevent)
Involves a special focus on securing those accounts with administrative or higher-than-usual permissions. It is a system for managing, monitoring, and securing all accounts with elevated privileges, ideally regardless of the specific technology stack in use.
Privileged account management (PAM)
- Reduced attack surface: By limiting the number of active privileged accounts and their usage, PAM decreases potential entry points for attackers.
- Insider threat mitigation: By monitoring and controlling privileged access, PAM helps prevent misuse of power by internal users.
- Enhanced accountability: Clear tracking of who accessed what and when improves individual accountability within the organization.
- Protection against credential theft: JIT access and frequent password rotations make stolen credentials less valuable to attackers.
- Simplified access management: Centralized control over privileged roles and access streamlines administrative tasks and reduces human error.
Security Benefits of PAM
Involves periodically shifting employee roles and responsibilities within the organization. This approach makes anomalies or fraud easier to detect and spreads domain knowledge to reduce ‘single point of failure’ risks.
Job rotation
Contracts defining performance, availability, and support expectations between customer and provider (usually an external vendor). They establish security baselines and outline incident response timelines.
Service-level agreements (SLAs)
An SLA between departments within an organization
Operating level agreement (OLA)