Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [CISSP-D] Question

from [Mooney Sherman] Network Security [Permanent Link]
Subject: RE: [CISSP-D] Question
Date: Sat, 3 Dec 2005 18:06:08 -0700 
Hi Waheed:
 
I would say - 2- Job rotation of operations personnel.because this may provide 
access to various unauthorized resources at different times by various 
personnel - so it would be difficult to audit and keep track of the 
unauthorized data and how it is used. Unless auditing was turned on for 
authorized/unauthorized and reviewed deligently to see who is accessing what - 
this may help in tracking the culprit but won't prevent the damage from 
occuring.
 
Cheers
 
Mooney

-----Original Message-----
From: CISSP-Discuss@yahoogroups.com [mailto:CISSP-Discuss@yahoogroups.com]On 
Behalf Of Waleed Omer
Sent: Tuesday, November 29, 2005 8:05 AM
To: CISSP-Discuss@yahoogroups.com
Subject: [CISSP-D] Question



Dear Colleagues,

 

I would like to know if you have a definite answer for this quiz:

 

 

Which of the following security controls might force an operator into collusion 
with personnel assigned organizationally within different function in order to 
gain access to unauthorized data?

 

1- Limiting the local access of operations personnel.

 

2- Job rotation of operations personnel.

 

3- Management monitoring of audit logs.

 

4- Enforcing regular password changes.

 

Thanks & Regards,

Waleed Omar


  _____  

YAHOO! GROUPS LINKS 


        
*        Visit your group " CISSP-Discuss 
<http://groups.yahoo.com/group/CISSP-Discuss> " on the web.
  

*        To unsubscribe from this group, send an email to:
  CISSP-Discuss-unsubscribe@yahoogroups.com 
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe> 
  

*        Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service 
<http://docs.yahoo.com/info/terms/> . 


  _____  


----------------------------------------------------------------------------

This communication is intended for the use of the recipient to which it is 
addressed, and may contain confidential, personal, and or privileged 
information. Please contact us immediately if you are not the intended 
recipient of this communication, and do not copy, distribute, or take action 
relying on it. Any communication received in error, or subsequent reply, should 
be deleted or destroyed.


----------------------------------------------------------------------------

This communication is intended for the use of the recipient to which it is 
addressed, and may contain confidential, personal, and or privileged 
information. Please contact us immediately if you are not the intended 
recipient of this communication, and do not copy, distribute, or take action 
relying on it. Any communication received in error, or subsequent reply, should 
be deleted or destroyed.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [CISSP-D] Whitepapers & Article .... ....In "Network Security", victoria_mek
Next by Date:  [CISSP-D] Any study group in Chicago for FEB 5th?, omar_sara
Previous by Thread:  [CISSP-D] Question, Waleed Omer
Next by Thread:  RE: [CISSP-D] Question, Roshan Mani
Indexes:  [Date] [Thread] [Top] [All Lists]