I second Kasturi.
The testament --->> Page 789 of "All in One" 2nd Edition (Shon Harris).
-vishy
Kasturi Narahari Rao <naraharirao.kasturi@cmcltd.com> wrote:
Hi...
I think 1 is corect. Collusion is necessitated only when the person
doesnt have access to a particular function. Only option 1 talks
about 'limiting the local access of operations personnel', in which
case he/she has to necessarily collude with another operator who has
the necessary autjhorization for access, so as to access data to
which he/she is not authorized because 'access was limited '.
Regards
Narahari
--- In CISSP-Discuss@yahoogroups.com, "Mooney Sherman"
<Mooney.Sherman@g...> wrote:
Hi Waheed:
I would say - 2- Job rotation of operations personnel.because this
may provide access to various unauthorized resources at different
times by various personnel - so it would be difficult to audit and
keep track of the unauthorized data and how it is used. Unless
auditing was turned on for authorized/unauthorized and reviewed
deligently to see who is accessing what - this may help in tracking
the culprit but won't prevent the damage from occuring.
Cheers
Mooney
-----Original Message-----
From: CISSP-Discuss@yahoogroups.com [mailto:CISSP-
Discuss@yahoogroups.com]On Behalf Of Waleed Omer
Sent: Tuesday, November 29, 2005 8:05 AM
To: CISSP-Discuss@yahoogroups.com
Subject: [CISSP-D] Question
Dear Colleagues,
I would like to know if you have a definite answer for this quiz:
Which of the following security controls might force an operator
into collusion with personnel assigned organizationally within
different function in order to gain access to unauthorized data?
1- Limiting the local access of operations personnel.
2- Job rotation of operations personnel.
3- Management monitoring of audit logs.
4- Enforcing regular password changes.
Thanks & Regards,
Waleed Omar
_____
YAHOO! GROUPS LINKS
* Visit your group " CISSP-Discuss
<http://groups.yahoo.com/group/CISSP-Discuss> " on the web.
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com <mailto:CISSP-Discuss-
unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/> .
_____
-------------------------------------------------------------------
---------
This communication is intended for the use of the recipient to
which it is addressed, and may contain confidential, personal, and
or privileged information. Please contact us immediately if you are
not the intended recipient of this communication, and do not copy,
distribute, or take action relying on it. Any communication received
in error, or subsequent reply, should be deleted or destroyed.
-------------------------------------------------------------------
---------
This communication is intended for the use of the recipient to
which it is addressed, and may contain confidential, personal, and
or privileged information. Please contact us immediately if you are
not the intended recipient of this communication, and do not copy,
distribute, or take action relying on it. Any communication received
in error, or subsequent reply, should be deleted or destroyed.
SPONSORED LINKS
Computer internet security Computer internet business Computer
internet access Computer internet help Cissp exam
---------------------------------
YAHOO! GROUPS LINKS
Visit your group "CISSP-Discuss" on the web.
To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
---------------------------------
---------------------------------
Yahoo! Shopping
Find Great Deals on Holiday Gifts at Yahoo! Shopping
