Let’s begin with some terms you’ll need to be aware of:
Least privilege – this is referring to access level. For example, access to a database containing SSNs – not everyone in the world needs access to such a database, only those performing certain job functions would need access.
- Compartmentalization – also known as “need to know”. In the prior context, need to know is more behavior-based. For example, those who are working within the SSN database previously mentioned would not be allowed to discuss which SSNs they are working on, or which cases, accounts, or customers they are working on – they would not be allowed to discuss with anyone they know unless that person has a “need to know”. Think of it as justification for access to the SSN database, or the reason for having access levels. Need to know is a subcomponent of least privilege.
Separation of duties – this refers to limiting the control of people over processes. The idea is that one person cannot have total control over a process, set of instructions, or steps to complete a transaction. Example: the person creating an invoice cannot issue the check to pay that invoice, and the person who authorizes the invoice for payment cannot be the person who releases/authorizes the check for payment. The idea is to prevent insider threats, or at least make it difficult without some form of collusion.
Job rotation – provides the following benefits:
- To discover insider threats
- Reduce single points of failure (cross training staff)
- Increases morale, trust among employees, and increased skills
The ISC2 Information Lifecycle is presented below, keep in mind that security should be sufficient at all stages:
- Create – obviously refers to creation or collection of the data.
- Store – where to put the data as it is created/collected.
- Use – processing of the data; using internally.
- Share – sending the data outside to third parties; includes selling, publishing, data exchange agreements, etc.
- Archive – long term storage. Not regularly used.
- Destruction – permanent destruction of the data.
Sandboxing – refers to an isolated environment for testing hardware or software.
- Hardware – a simulated production environment that has the same components or sampling of components to ensure a fair representation of the production environment.
- Software – a constricted space to test software installations. The constricted space can be in the form of a virtual machine that simulates hardware with installed software that has no interconnectedness with the underlying host.
Honeypot – a distraction for intruders or attackers that allow an organization to capture, log, and watch what intruders might be doing within their environment (but not to entice, as this could be considered entrapment in legal terms – also cannot be used to hackback). A collection of interconnected honeypots is called a honeynet. Placement for honeypots/nets is usually within a demilitarized zone (DMZ).