Page 720 - StudyBook.pdf
P. 720

704    Chapter 12 • Operational and Organizational Security: Policies and Disaster Recovery


                       ■  Disposal and destruction, which establishes procedures dealing
                          with the safe disposal and destruction of data and equipment.
                       ■  Incident response policies, which provide a clear understanding
                          of what decisive actions will be taken when an incident occurs,
                          and who will be responsible for investigating and dealing with
                          problems.



             Privilege Management


             Privilege management involves the administration and control of the resources and data
             available to users and groups in an organization. For example, privilege management
             would determine whether a specific user could print to a particular printer, use a
             special program, or access files in specified directories.Through privilege manage-
             ment, administrators maintain control over user access on a granular level.
                 As will be seen later in this chapter, privilege management can be performed in
             a variety of ways. Privileges can be controlled by the accounts created for users,
             groups, and roles associated with the accounts, on the basis of servers to which a
             user connects, and other elements of a system. Firm control of access is vital to
             protecting a network and its resources from adverse security situations.

             User/Group/Role Management

             Network and computer operating systems provide different ways to define access
             permissions for users of a computer or network.The permissions may be specific
             to the user logging in, to a group of users with similar access needs, or to the role
             the users perform in a company.While user accounts generally apply to a single
             user, groups and roles can be associated with these accounts to control access on a
             larger scale.
                 A user account can be created for each individual, so that each person can log
             onto a system, perform specific actions, and access the data they need.A default
             account may be created, such as a guest account, which allows users to have very
             limited access. It will control the default user’s ability to access data on the net-
             work, use programs, view information on a corporate intranet, or view non-sensi-
             tive data.
                 On the other end of the scale, an administrative account is used to provide full
             control access to a machine, system, or network. OSes may provide a default
             administrator account, which should be eliminated and replaced with an account(s)
             that has administrative rights.This makes it more difficult for hackers to access the



          www.syngress.com
   715   716   717   718   719   720   721   722   723   724   725