Which of the following BEST protects confidentiality of information?
a. Least privilege
b. Segregation of duties
The security implementation principle that users should only have access to the information that enables them to perform their assigned job functions is need to know, or least privilege. Restricting access to information to those who need to have access is the most effective means of protecting confidentiality.
For example, Ammu, who works in the bank account section, was discovered during a recent audit to have been performing administrative-level actions on the accounting servers. While these actions were not malicious in nature, Ammu doesn't work at a level that would typically require server administration duties. Least privilege applies in this situation. The intent behind both is to prevent people from having higher privilege levels than they actually need.
Standardized security best practices are available for database and application servers. Manager has been evaluated and has, in the past, received third-party security certification. The primary security threats are:
Security principles: to implement effective system security, the following basic principles apply:
Threat: Exploitation of authorization. Accesses resources not authorized to you (files).
Security consideration: Segregation of duties. No person should be given responsibility for more than one related function.
Best practice: Principle of least privilege.
Principle of least privilege: Users should only have the least amount of privileges required to perform their job and no more. This limits access to Enterprise Manager resources, such as targets, jobs, or monitoring templates, for which they are not authorized. As another example, a user whose sole responsibility is to monitor and maintain an HR database does not need privileges to access and manage Enterprise Manager plug-ins on the Enterprise Management Services.
Segregation of duties: No user should be given responsibility for more than one related function. Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform with Enterprise Manager. This limits the ability of a user to perform a malicious action or unauthorized access and then cover up that action. For example, an admin responsible for creating user accounts could create unnecessary accounts for unauthorized colleagues to access confidential systems. If that administrator also has the ability to view and erase the audit logs, then there is a potential problem in that it prevents. You want to separate the account creation duties from the security administration duties. The goal of segregation of duties is to ensure that individuals do not have excessive system access that may result in a conflict of interest. The most common implementation of a segregation of duties policy is ensuring that security duties are separate from other duties. Subjects are granted only the privileges necessary to perform the assigned task. It protects confidentiality and integrity. Typically it is focused on user privileges, but it can also be applied to processes and applications.
The person who is the account administrator, in this case, should also not be the security administrator. They are different. Assigning users only the minimum amount of privileges they need to perform their job is known as the principle of least privilege (POLP). Mainly in the context of computer security, or computer threats, it is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Under POLP, users are granted permission to read, write or execute only the files or resources they need to do their jobs: in short, the least amount of privilege necessary. Therefore, for the above reasons, we conclude that what best protects confidentiality of information is least privilege.
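
The two scenarios in the answer above (Ammu's administrative actions on the accounting servers, and an account administrator who can also erase audit logs) can be checked mechanically in an access review. The following is an added example, not part of the original answer; every job name, permission string and user record in it is a constructed assumption.

```python
# Added example: job names, permission strings and users are all constructed.

# Least privilege: the permissions each job function actually requires.
JOB_BASELINE = {
    "bank_accounts_clerk": {"accounts:read", "accounts:write"},
    "account_admin": {"users:create"},
    "security_admin": {"audit:read", "audit:erase"},
    "hr_db_operator": {"hr_db:monitor", "hr_db:maintain"},
}

# Segregation of duties: one person must not hold permissions from both sides.
CONFLICTING_DUTIES = [
    ({"users:create"}, {"audit:read", "audit:erase"}),
]

def excess_privileges(job, granted):
    """Permissions granted beyond the job baseline (unknown job: all are excess)."""
    return set(granted) - JOB_BASELINE.get(job, set())

def duty_conflicts(granted):
    """Conflicting pairs where the user holds a permission on each side."""
    granted = set(granted)
    return [(sorted(a & granted), sorted(b & granted))
            for a, b in CONFLICTING_DUTIES
            if a & granted and b & granted]

def audit(users):
    """Return {user: {"excess": [...], "conflicts": [...]}} for users with findings."""
    findings = {}
    for name, (job, granted) in users.items():
        excess = excess_privileges(job, granted)
        conflicts = duty_conflicts(granted)
        if excess or conflicts:
            findings[name] = {"excess": sorted(excess), "conflicts": conflicts}
    return findings

# Constructed sample assignments mirroring the scenarios in the text.
USERS = {
    "ammu": ("bank_accounts_clerk",
             {"accounts:read", "accounts:write", "server:admin"}),
    "hr_operator": ("hr_db_operator", {"hr_db:monitor", "hr_db:maintain"}),
    "admin1": ("account_admin", {"users:create", "audit:erase"}),
}

if __name__ == "__main__":
    for user, finding in audit(USERS).items():
        print(user, finding)
```
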