Question

Which of the following BEST protects confidentiality of information?

a. Least privilege

b. Segregation of duties

Solutions

Expert Solution

Least privilege: the security implementation principle under which users should only have access to the information that enables them to perform their assigned job functions is need to know / least privilege. Restricting access to information to those who need to have access is the most effective means of protecting confidentiality.

For example, Ammu, who works in the bank account section, was discovered during a recent audit to have been performing administrative-level actions on the accounting servers. While these actions were not malicious in nature, Ammu doesn't work at a level that would typically require server administration duties. Least privilege applies in this situation. The intent behind both is to prevent people from having higher privilege levels than they actually need.

Standardized security best practices are available for database and application servers. Manager has been evaluated and, in the past, received third-party security certification. Primary security threats are:

  • Man-in-the-middle attacks
  • Denial-of-service attacks
  • Password crack attacks
  • Exploitation of authorization

Security principles: to implement effective system security, the following are the basic principles:

  • Separation of Duties
  • Principle of Least Privilege
  • Monitoring for Suspicious Activity (Auditing)
  • Non-repudiation
  • Encryption

Threat:

Exploitation of authorization

Security consideration:

Segregation of duties

Exploitation of authorization - accesses resources (files) not authorized to you

Segregation of duties - no person should be given responsibility for more than one related function

Best practice is the principle of least privilege

Principle of least privilege: users should only have the least amount of privileges required to perform their job and no more. This means limiting access to Enterprise Manager resources such as targets, jobs, or monitoring templates for which they are not authorized. Another example: a user whose sole responsibility is to monitor and maintain an HR database does not need privileges to access and manage Enterprise Manager plug-ins on the Enterprise Management Services.

Segregation of duties: no user should be given responsibility for more than one related function. Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform with Enterprise Manager. This limits the ability of a user to perform a malicious action or unauthorized access and then cover up that action.

For example, an admin is responsible for creating user accounts. The admin creates unnecessary accounts for unauthorized colleagues to access confidential systems. If that administrator also has the ability to view and erase the audit logs, then there is a potential problem in that it prevents. You want to separate the account creation duties from the security administration duties.

The goal of segregation of duties is to ensure that individuals do not have excessive system access that may result in a conflict of interest. The most common implementation of a segregation of duties policy is ensuring that security duties are separate from other duties. Subjects are granted only the privileges necessary to perform the assigned task. It protects confidentiality and integrity. Typically it is focused on user privileges, but it can also be applied to processes and applications.

The person who is the account administrator, in this case, should not also be the security administrator. These are different. Assigning users only the minimum amount of privileges they need to perform their job is known as the principle of least privilege. It is, mainly in computer security or computer threats, the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Under POLP, users are granted permission to read, write or execute only the files or resources they need to do their jobs: in short, the least amount of privilege necessary. Therefore, for the above reasons, we conclude that what best protects confidentiality of information is least privilege.
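The two controls compared in the answer above can be checked separately over an access list. This is an added example, not part of the original answer; every job name, permission string and user in it is a constructed assumption modelled on the answer's Ammu and account-administrator cases.

```python
# Constructed sample data (hypothetical jobs, permissions and users).
JOB_NEEDS = {
    "bank_accounts_clerk": {"accounts:read", "accounts:update"},
    "account_admin": {"user:create", "user:disable"},
    "security_admin": {"audit:view", "audit:erase"},
    # A badly designed job: it legitimately "needs" both conflicting duties.
    "it_generalist": {"user:create", "audit:view", "audit:erase"},
}

# Duty groups that one person must not hold together (segregation of duties).
CONFLICTING_DUTIES = [({"user:create"}, {"audit:view", "audit:erase"})]

USERS = {
    "ammu": {"job": "bank_accounts_clerk",
             "granted": {"accounts:read", "accounts:update", "server:admin"}},
    "admin1": {"job": "account_admin",
               "granted": {"user:create", "user:disable", "audit:erase"}},
    "ops1": {"job": "it_generalist",
             "granted": {"user:create", "audit:view", "audit:erase"}},
    "sec1": {"job": "security_admin",
             "granted": {"audit:view", "audit:erase"}},
}

def excess_privileges(user):
    """Least privilege: permissions granted beyond what the job needs."""
    return sorted(user["granted"] - JOB_NEEDS[user["job"]])

def duty_conflicts(user):
    """Segregation of duties: conflicting duty groups held by one user."""
    hits = []
    for left, right in CONFLICTING_DUTIES:
        held_left, held_right = user["granted"] & left, user["granted"] & right
        if held_left and held_right:
            hits.append((sorted(held_left), sorted(held_right)))
    return hits

def review(users):
    """Run both checks for every user and return the findings by name."""
    return {name: {"excess": excess_privileges(u),
                   "sod_conflicts": duty_conflicts(u)}
            for name, u in sorted(users.items())}

if __name__ == "__main__":
    for name, findings in review(USERS).items():
        print(name, findings)
```

The `ops1` entry has no excess privilege for its job yet still holds conflicting duties, which is why the two checks are run independently.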

