Chapter 16: Managing Security Operations Flashcards
The _____ principle imposes the requirement to grant users access only to data or resources they need to perform assigned work tasks.
need-to-know
The ______ principle states that subjects are granted only the privileges necessary to perform assigned work tasks and no more.
least privilege
_____ and responsibilities ensures that no single person has total control over a critical function or system.
Separation of duties (SoD)
_____ control (sometimes called the two-man rule) requires the approval of two individuals for critical tasks.
Two-person
____ (sometimes called rotation of duties) means that employees rotate through jobs or rotate job responsibilities with other employees.
Job rotation
Many organizations require employees to take ______ in one-week or two-week increments. This provides a form of peer review and helps detect fraud and collusion.
mandatory vacations
A simple ____ system is just a button that sends a distress call and is useful when personnel are working alone.
duress
____ management refers to managing both tangible and intangible assets. This typically starts with inventories of assets, tracking the assets, and taking additional steps to protect them throughout their lifetime.
Asset
____ assets include hardware and software assets owned by the company.
Tangible
_____ assets include patents, copyrights, a company’s reputation, and other assets representing potential revenue.
Intangible
____ refers to a system’s ability to add and remove resources dynamically, based on increasing or decreasing load.
Elasticity
_____ new systems refers to installing and configuring the operating system and needed applications.
Provisioning