Fundamentals of Computer Security Tutorials

Basic Security Principles & Terms I / Least Privilege & Separation of Duties

Subtitles of the Movie

The next couple of terms we'll talk about when talking about our basic terminology are the terms least privilege and separation of duties. Now, they're two principles that go hand in hand, but again, they're not exactly the same thing. But both of them are used to prevent people from having higher levels of authority or access or privileges than they need. Now, least privilege and separation of duties should be enforced on all users and administrators at every level of the organization. That includes normal users, managers, network administrators, security administrators and so forth.

First let's talk about the principle of least privilege. Essentially that states that users should only have the least amount of privileges necessary to do their job and no more than that. For example, if you have a user that's responsible for reading a document and reviewing it, they shouldn't necessarily have write privileges to that document. They definitely also shouldn't have the privileges or permissions required to give others permission to view the document. They only need the least amount of privileges to do their job. They also don't normally need, as normal users, higher-level privileges such as administrative privileges.

Unfortunately, a lot of times this happens in organizations over time, where users eventually acquire more privileges than they need. This is called privilege creep, and it happens because maybe a user needs something one day, so you do it for them, and then maybe they need the same privilege to be used again the next day and you say, "Well, I'll just give you the permission to do that and then I'll take it back later," and then you forget to take that permission back later, so it eventually grows over time.

Now, use of these higher-level privileges should always be audited. In other words, whenever someone uses their administrative-level privileges, you should always know that.
You should be able to look at the audit logs and say Sally used her privileges on this day to create a new user account, and then you should double-check those against the lists of user accounts that are authorized to be created. Make sure that it was necessary. Any privileges you hand out should be controlled, and you should hand those out very judiciously. You need to question whether this person actually needs the privileges you're giving them beyond the basics.

Now, separation of duties, again, kind of goes hand in hand with this. Instead of limiting the privileges of a certain user, their level of privilege, you're also limiting their duties as well. For example, one person should not be the same person that does critical tasks all by themselves. The reason you might want to limit this is so that you limit the ability that people may have to perform a serious action, a malicious action, and cover up that action.

For example, if you have a server administrator who is responsible for creating accounts on the server, that server administrator may create unnecessary accounts, maybe for their friends, and those accounts may have higher-level privileges. If that server administrator also has the ability to look at and erase the audit logs, then that's very bad. That prevents that person from being caught. So you should separate those duties out. The person who is the server administrator in this case should also not be the security administrator. So there's a little bit of separation of duties so that people can detect malicious actions when they happen. Now, critical tasks should be separated out so that they require two or more people to perform a critical task and that accountability control can be maintained.
For example, let's say you have very sensitive or even classified company documents and they need to be destroyed. You might have what's called two-person control, or two-person integrity, involved in this. That's where one person destroys the document and the other person witnesses the destruction physically. So that prevents one person, if it was only a one-person job, from saying, "Yes, I destroyed those documents," and then selling them to a competitor instead. So that's an example of two-person integrity and an example where you may want to spread out a critical task over two or more people.

Those are essentially the definitions of least privilege and separation of duties. You'll see those terms used a lot out there in the security world, and they're two things you definitely should do in your organization.
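The audit-log review described above can be automated. The following is an added example, not part of the tutorial: the log format, action names, user names and the approved-account list are all constructed assumptions. It flags account creations that are not on the approved list, actors who both manage accounts and clear audit logs, and privilege grants that were never revoked.

```python
import csv
import io
from collections import defaultdict

# Constructed sample audit log (assumed format): timestamp,actor,action,target
AUDIT_LOG = """\
2024-03-01T09:12:00,sally,create_account,jsmith
2024-03-01T09:40:00,sally,grant_privilege,jsmith:report_writer
2024-03-02T14:05:00,dave,create_account,dave_friend
2024-03-02T14:06:00,dave,grant_privilege,dave_friend:administrator
2024-03-02T14:30:00,dave,clear_audit_log,server01
2024-03-03T08:00:00,sally,grant_privilege,mlee:administrator
2024-03-04T08:00:00,sally,revoke_privilege,jsmith:report_writer
"""

AUTHORIZED_ACCOUNTS = {"jsmith"}  # constructed list of approved new accounts
ACCOUNT_DUTIES = {"create_account", "grant_privilege", "revoke_privilege"}
AUDIT_DUTIES = {"clear_audit_log"}  # duties that belong to a separate role


def review(log_text, authorized):
    """Return findings for the three checks discussed in the transcript."""
    unauthorized = []                  # (actor, account) pairs not on the approved list
    actions_by_actor = defaultdict(set)
    open_grants = {}                   # "user:privilege" -> actor who granted it
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        _ts, actor, action, target = row
        actions_by_actor[actor].add(action)
        if action == "create_account" and target not in authorized:
            unauthorized.append((actor, target))
        elif action == "grant_privilege":
            open_grants[target] = actor
        elif action == "revoke_privilege":
            open_grants.pop(target, None)
    # Separation of duties: nobody should both manage accounts and clear logs.
    conflicts = sorted(a for a, acts in actions_by_actor.items()
                       if acts & ACCOUNT_DUTIES and acts & AUDIT_DUTIES)
    return {
        "unauthorized_accounts": unauthorized,
        "duty_conflicts": conflicts,
        "unrevoked_grants": sorted(open_grants),  # privilege-creep candidates
    }


if __name__ == "__main__":
    for check, result in review(AUDIT_LOG, AUTHORIZED_ACCOUNTS).items():
        print(f"{check}: {result}")
```

Run the review from an account that cannot itself modify the audit log, otherwise the check inherits the same separation-of-duties problem it is looking for.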

Tutorial Information

Course: Fundamentals of Computer Security
Author: Bobby Rogers
SKU: 33874
ISBN: 1-934743-69-0
Release Date: 2008-05-21
Duration: 8.5 hrs / 92 lessons
Captions: Available on CD and Online University
Compatibility: Vista/XP/2000, OS X, Linux
QuickTime 7, Flash 8
