Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [CISSP-D] Question

from [Roshan Mani] Network Security [Permanent Link]
Subject: RE: [CISSP-D] Question
Date: Mon, 5 Dec 2005 10:53:21 +0530 
Hi Mooney,
 
I would say the answer is, "1- Limiting the local access of operations
personnel" . 
 
IMO, the question translates to how an operator can gain access to
unauthorised data in collusion with personnel assigned to different
functions within the org .. To me this means that the other personnel have
access to certain data, which the operator does not have access to.. and the
security control that enables this is "limiting the local access of ops
personnel" ! Unless "local access" has other connotations that I'm not aware
of..
 
Pls do comment..
 
regards,
Roshan Mani

  _____  

From: CISSP-Discuss@yahoogroups.com [mailto:CISSP-Discuss@yahoogroups.com]
On Behalf Of Mooney Sherman
Sent: 04 December 2005 06:36
To: Waleed Omer; CISSP-Discuss@yahoogroups.com
Subject: RE: [CISSP-D] Question


Hi Waheed:
 
I would say - 2- Job rotation of operations personnel.because this may
provide access to various unauthorized resources at different times by
various personnel - so it would be difficult to audit and keep track of the
unauthorized data and how it is used. Unless auditing was turned on for
authorized/unauthorized and reviewed deligently to see who is accessing what
- this may help in tracking the culprit but won't prevent the damage from
occuring.
 
Cheers
 
Mooney

-----Original Message-----
From: CISSP-Discuss@yahoogroups.com [mailto:CISSP-Discuss@yahoogroups.com]On
Behalf Of Waleed Omer
Sent: Tuesday, November 29, 2005 8:05 AM
To: CISSP-Discuss@yahoogroups.com
Subject: [CISSP-D] Question



Dear Colleagues,

 

I would like to know if you have a definite answer for this quiz:

 

 

Which of the following security controls might force an operator into
collusion with personnel assigned organizationally within different function
in order to gain access to unauthorized data?

 

1- Limiting the local access of operations personnel.

 

2- Job rotation of operations personnel.

 

3- Management monitoring of audit logs.

 

4- Enforcing regular password changes.

 

Thanks & Regards,

Waleed Omar

----------------------------------------------------------------------------

This communication is intended for the use of the recipient to which it is
addressed, and may contain confidential, personal, and or privileged
information. Please contact us immediately if you are not the intended
recipient of this communication, and do not copy, distribute, or take action
relying on it. Any communication received in error, or subsequent reply,
should be deleted or destroyed.


----------------------------------------------------------------------------

This communication is intended for the use of the recipient to which it is
addressed, and may contain confidential, personal, and or privileged
information. Please contact us immediately if you are not the intended
recipient of this communication, and do not copy, distribute, or take action
relying on it. Any communication received in error, or subsequent reply,
should be deleted or destroyed.


  _____  

YAHOO! GROUPS LINKS 


        
*        Visit your group "CISSP-Discuss
<http://groups.yahoo.com/group/CISSP-Discuss> " on the web.
  

*        To unsubscribe from this group, send an email to:
 CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe> 
  

*        Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> . 


  _____
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [CISSP-D] CISSP exam meetup group in Katy, Texas, haseeb_abdali
Next by Date:  Re: [CISSP-D] Question, Kasturi Narahari Rao
Previous by Thread:  RE: [CISSP-D] Question, Mooney Sherman
Next by Thread:  Re: [CISSP-D] Question, Kasturi Narahari Rao
Indexes:  [Date] [Thread] [Top] [All Lists]