21. Administrative Personnel Controls Flashcards
Administrative Personnel Controls
Administrative Security
Means of controlling people's operational access to data
Administrative Personnel Controls
Least privilege
Minimum necessary access - no more, no less
- Exactly the access rights needed to do the job
- Any future change of access must go back through the administrative process
- Requires a lot of time and effort to maintain - not ideal for emergency situations
Administrative Personnel Controls
Need to know
Even if you are cleared for the level of access, if you do not need to know that specific information for your job, you should not have access to it
Administrative Personnel Controls
Separation of Duties
Internal control intended to prevent fraud and error
- Large organisations: the same person who enters a purchase order does not issue the cheque
- If one person can perform every step of a process alone, fraud is more likely
- Exam assumes a large organisation
Administrative Personnel Controls
Job Rotation
Detects errors and fraud
- Less chance of collusion between individuals if they rotate jobs
- Helps avoid employee burnout
- Can be cost prohibitive in real life
- EXAM HINT: make sure the cost justifies the benefit
Administrative Personnel Controls
Mandatory Vacations
Ensures one person is not always performing the same task
- Accounts can be locked and audited while the employee is away
- Audit will discover fraud the employee has been covering up
- Give little or no notice
Administrative Personnel Controls
Minimise insider threats with these 5 controls
- Least privilege
- Need to know
- Separation of duties
- Job rotation
- Mandatory vacations
Administrative Personnel Controls
NDA
New Employee
Non Disclosure Agreement
- Clauses restricting the employee's use and dissemination of company-owned confidential information
Administrative Personnel Controls
Background Checks
New Employee
- References
- Degrees
- Employment
- Criminal
- Credit history
- Typically for sensitive positions
- Can be an ongoing process
Administrative Personnel Controls
Privilege Monitoring
New Employee
Monitoring highly privileged employees
- The more privilege an employee has, the more closely we need to watch them
- More access = more responsibility = more scrutiny
- Privileged employees expose the organisation to more risk
- Should be automated as much as possible
Administrative Personnel Controls
PAM
Privileged Account/Access Management
- Account - safeguarding the privileged account itself
- Access - controlling what the account has access to
- Monitor - what, when, how, why and where the privilege was used
Administrative Personnel Controls
Regular Users
PAM Monitoring
Analyse Performance
Improve Efficiency
Administrative Personnel Controls
Privileged Users
PAM Monitoring
Access matrix (what changed?)
- What was done, why, where and when
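The "what changed?" question above is answered by comparing two snapshots of the access matrix and tying each change back to a recorded admin action. The following is an added example (not from the original flashcards, and not any vendor's PAM product): the snapshot layout, the change-log field names (actor, ts, host, ticket) and the sample data are all constructed assumptions. A change with no matching admin action is the case a PAM monitor most needs to surface.

```python
"""Access-matrix change detection for PAM monitoring (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Change:
    account: str
    resource: str
    kind: str   # "granted" or "revoked"
    level: str  # permission level involved


def diff_access_matrix(before, after):
    """Compare two {account: {resource: level}} snapshots and list every change.

    A changed level is reported as a revoke of the old level plus a grant of the new one,
    so each Change can be matched to exactly one admin action."""
    changes = []
    for acct in sorted(set(before) | set(after)):
        old = before.get(acct, {})
        new = after.get(acct, {})
        for res in sorted(set(old) | set(new)):
            if res in old and res not in new:
                changes.append(Change(acct, res, "revoked", old[res]))
            elif res not in old and res in new:
                changes.append(Change(acct, res, "granted", new[res]))
            elif old[res] != new[res]:
                changes.append(Change(acct, res, "revoked", old[res]))
                changes.append(Change(acct, res, "granted", new[res]))
    return changes


def explain_changes(changes, change_log):
    """Join each change to the admin action that caused it (who/when/where/why).

    change_log entries are dicts with the assumed keys
    actor, ts, host, ticket, account, resource, action, level.
    Returns (explained, unexplained); unexplained changes have no recorded admin action."""
    explained, unexplained = [], []
    for c in changes:
        match = next((e for e in change_log
                      if e["account"] == c.account and e["resource"] == c.resource
                      and e["action"] == c.kind and e["level"] == c.level), None)
        if match is None:
            unexplained.append(c)
        else:
            explained.append((c, match))
    return explained, unexplained


# Constructed snapshots: {account: {resource: level}}
BEFORE = {"alice": {"prod-db": "read"}, "bob": {"jumpbox": "ssh"}}
AFTER = {"alice": {"prod-db": "admin"}, "bob": {}, "carol": {"prod-db": "read"}}

# Constructed PAM change log. Note there is no entry for carol's new grant.
CHANGE_LOG = [
    {"actor": "secadmin", "ts": "2024-05-01T09:12:00Z", "host": "pam01", "ticket": "CHG-1042",
     "account": "alice", "resource": "prod-db", "action": "revoked", "level": "read"},
    {"actor": "secadmin", "ts": "2024-05-01T09:12:00Z", "host": "pam01", "ticket": "CHG-1042",
     "account": "alice", "resource": "prod-db", "action": "granted", "level": "admin"},
    {"actor": "secadmin", "ts": "2024-05-01T09:20:00Z", "host": "pam01", "ticket": "CHG-1043",
     "account": "bob", "resource": "jumpbox", "action": "revoked", "level": "ssh"},
]

if __name__ == "__main__":
    explained, unexplained = explain_changes(diff_access_matrix(BEFORE, AFTER), CHANGE_LOG)
    for change, action in explained:
        print(f"OK   {change} by {action['actor']} at {action['ts']} from {action['host']} ({action['ticket']})")
    for change in unexplained:
        print(f"ALERT {change}: no recorded admin action")
```

Running it lists three explained changes and one alert: carol gained read on prod-db with no corresponding admin action, which is the kind of event that warrants immediate investigation under privilege monitoring.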
Administrative Personnel Controls
All Users
PAM Monitoring
- Sensitive Data
- Critical Systems
- Insider/Outsider threats
- Compliance/regulatory requirements
Administrative Personnel Controls
Systems
PAM Monitoring
- All servers (incl Jumpboxes)
- Endpoints
- Remote workstations
Administrative Personnel Controls
Full Monitoring
- MFA changes
- Remote connections
- Logs and records
- Anomaly detection
- Full visibility of admin activity
Administrative Personnel Controls
Logging and Monitoring Activity
- Logging - raw data: logs from applications and infrastructure. Nothing is acted on at this stage
- Monitoring - admins making sure applications and infrastructure are available on request and alerting on any issues. Monitoring is the use of the raw log data
- You cannot have monitoring without logging
Administrative Personnel Controls
Threat Intelligence
- Threat Feeds
- Threat Hunting
Threat Feeds
* Raw data on current and potential threats
* Usable data such as suspicious domains, malware hashes, potentially malicious code, flagged IPs
Threat Hunting
* Assume attackers are already inside our network undetected, and actively search for them rather than waiting for an alert
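The two cards above (logging vs. monitoring, and threat feeds) fit together: logs are raw data, and one simple form of monitoring is matching threat-feed indicators against those logs. The block below is an added example, not from the original flashcards: the log line format (timestamp, source, key=value fields), the feed layout and every log line and indicator are constructed. The SHA-256 value is the hash of the string "test", used only as a placeholder, not a real malware hash.

```python
"""Match threat-feed indicators (domains, IPs, file hashes) against raw log lines.
Added example with constructed data; the log format is an assumption."""
import re
from collections import Counter

# Constructed threat feed. In practice this is pulled from a feed provider or shared CSV/STIX.
THREAT_FEED = {
    "domains": {"bad-updates.example", "cdn.evil.test"},
    "ips": {"203.0.113.10"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}

# Constructed log lines: "<ts> <source> key=value ...". Raw data, nothing has been done with it yet.
LOG_LINES = [
    "2024-05-01T10:00:01Z dns client=10.0.0.5 query=mail.corp.example type=A",
    "2024-05-01T10:00:07Z dns client=10.0.0.9 query=dl.bad-updates.example type=A",
    "2024-05-01T10:01:13Z proxy client=10.0.0.9 dst=203.0.113.10:443 bytes=1832",
    r"2024-05-01T10:02:30Z edr host=ws-09 action=exec "
    r"sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08 path=C:\Users\Public\svc.exe",
    "2024-05-01T10:03:00Z proxy client=10.0.0.5 dst=198.51.100.7:443 bytes=901",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split a log line into (timestamp, source, {field: value})."""
    ts, source, rest = line.split(" ", 2)
    return ts, source, dict(FIELD_RE.findall(rest))


def domain_hit(name, bad_domains):
    """Return the feed domain that matches name, including any subdomain of it."""
    name = name.lower().rstrip(".")
    for bad in bad_domains:
        if name == bad or name.endswith("." + bad):
            return bad
    return None


def match_feed(lines, feed):
    """Monitoring step: run every raw log line against the feed and return alerts."""
    alerts = []
    for line in lines:
        ts, source, f = parse_line(line)
        subject = f.get("client") or f.get("host") or "unknown"
        if "query" in f:
            hit = domain_hit(f["query"], feed["domains"])
            if hit:
                alerts.append({"ts": ts, "source": source, "subject": subject,
                               "kind": "domain", "indicator": hit, "seen": f["query"]})
        if "dst" in f:
            ip = f["dst"].rsplit(":", 1)[0]  # assumes IPv4:port; IPv6 would need bracket handling
            if ip in feed["ips"]:
                alerts.append({"ts": ts, "source": source, "subject": subject,
                               "kind": "ip", "indicator": ip, "seen": f["dst"]})
        if "sha256" in f:
            digest = f["sha256"].lower()  # feeds and EDRs disagree on case; normalise before comparing
            if digest in feed["sha256"]:
                alerts.append({"ts": ts, "source": source, "subject": subject,
                               "kind": "sha256", "indicator": digest, "seen": f.get("path", "")})
    return alerts


def hits_by_subject(alerts):
    """Count indicator hits per client/host so repeat offenders float to the top."""
    return dict(Counter(a["subject"] for a in alerts))


if __name__ == "__main__":
    found = match_feed(LOG_LINES, THREAT_FEED)
    for a in found:
        print(f"{a['ts']} {a['source']:<5} {a['subject']:<9} {a['kind']:<6} {a['indicator']}  ({a['seen']})")
    print("hits per subject:", hits_by_subject(found))
```

Three of the five lines hit the feed; 10.0.0.9 hits twice (a feed domain lookup followed by a connection to a feed IP), which is the kind of correlation a monitoring layer adds on top of the raw logs. The suffix match on domains matters because feeds usually list the parent domain while logs record the full host name.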
Administrative Personnel Controls
UEBA
User and Entity Behaviour Analytics
- Machine learning / deep learning models
- Learn typical and atypical user behaviour and set baselines
- Deviations from the baseline are flagged as anomalies
Administrative Personnel Controls
3 things required for UEBA
- Use cases
- Data sources
- Analytics
- Use cases - what normal activity looks like for a given type of user
- Data sources - where the data comes from, e.g. a data lake/warehouse or SIEM
- Analytics - build baselines and detect deviations from them
* Remember different users have different use cases, so baselines are per user or per role
* Use automation to look for anything out of the ordinary
* Early in an implementation there will be a lot of false positives
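To make the three ingredients concrete, here is an added example (not from the original flashcards, and much simpler than a real UEBA product's models): a per-user baseline built from constructed login events, then a day of new events scored against it. The event layout (user, day, hour, source host) and the thresholds are assumptions. It also handles the false-positive problem the last card mentions in one specific way: a user with too little history is reported as "insufficient baseline" rather than alerted on.

```python
"""Per-user behaviour baselines and anomaly scoring (added example, constructed data)."""
from collections import defaultdict
from statistics import mean, pstdev

MIN_EVENTS = 10  # assumed: below this much history a baseline is not trusted

# Constructed history: events are (user, day, hour, source_host).
# alice: 3 logins a day from her workstation, business hours, for 10 days.
# bob:   1 to 3 logins a day from his workstation, for 10 days.
# carol: a new joiner with only two events so far.
HISTORY = (
    [("alice", d, h, "ws-alice") for d in range(1, 11) for h in (9, 10, 14)]
    + [("bob", d, h, "ws-bob") for d in range(1, 11) for h in range(9, 9 + (d % 3) + 1)]
    + [("carol", 10, 9, "ws-carol"), ("carol", 10, 15, "ws-carol")]
)

# Constructed new-day events to score.
ALICE_DAY = [("alice", 11, 2, "jump-01")] + [("alice", 11, h, "ws-alice") for h in (9, 10, 14)]
BOB_DAY = [("bob", 11, 9 + (i % 3), "ws-bob") for i in range(12)]


def build_baselines(events):
    """Analytics step: per-user set of usual hours, usual hosts, and daily-volume statistics."""
    per_user = defaultdict(list)
    for e in events:
        per_user[e[0]].append(e)
    baselines = {}
    for user, evs in per_user.items():
        daily = defaultdict(int)
        for _, day, _, _ in evs:
            daily[day] += 1
        counts = list(daily.values())
        baselines[user] = {
            "hours": {h for _, _, h, _ in evs},
            "hosts": {s for _, _, _, s in evs},
            "mean": mean(counts),
            "std": pstdev(counts),
            "n": len(evs),
        }
    return baselines


def score_day(user, day_events, baselines):
    """Compare one day of a user's events with that user's own baseline.

    Returns {"user", "status", "reasons"} where status is
    "insufficient_baseline", "normal" or "anomalous"."""
    b = baselines.get(user)
    if b is None or b["n"] < MIN_EVENTS:
        return {"user": user, "status": "insufficient_baseline", "reasons": []}
    reasons = set()
    for _, _, hour, host in day_events:
        if host not in b["hosts"]:
            reasons.add(f"new host {host}")
        if hour not in b["hours"]:
            reasons.add(f"unusual hour {hour:02d}")
    # Volume rule: more than mean + 3 sigma. The std floor of 1.0 stops a perfectly regular
    # user (std == 0) from being flagged for a single extra login, a classic false positive.
    if len(day_events) > b["mean"] + 3 * max(b["std"], 1.0):
        reasons.add("volume spike")
    return {"user": user, "status": "anomalous" if reasons else "normal",
            "reasons": sorted(reasons)}


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for user, day in (("alice", ALICE_DAY), ("bob", BOB_DAY),
                      ("carol", [("carol", 11, 9, "ws-carol")])):
        print(score_day(user, day, baselines))
```

alice is flagged for an off-hours login from a host she has never used; bob is flagged purely on volume even though every individual login looks ordinary; carol gets no verdict yet. Each user is judged only against their own history, which is the "different users have different use cases" point: bob's 12 logins would be a spike for him but might be normal for a service desk account.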