Читать книгу The Official (ISC)2 SSCP CBK Reference - Mike Wills - Страница 59

As you should expect, these key control principles of need to know, separation of duties, and least privilege also drive the ways in which you should configure and manage identity management and access control systems, as shown in Chapter 2. Best practices for implementing and managing any IAM system include:

 Create hierarchies of groups of user identities and accounts, with privileges assigned to limit users to the least privileges they require for related tasks and functions.

 Use role-based access control as part of your strategies so that one system or user must explicitly re-authenticate as they change roles to perform more privileged sets of tasks.

 Create nonprivileged user accounts and identities for systems administrators, and others with privileged accounts, and enforce their use for tasks that do not require elevated privileges (such as email or routine web page access).

 Separate groups of user identities and accounts (for people and nonhuman elements of your systems) based on separation of duties.

 Thoroughly examine all installed software, and connections to web or cloud-hosted applications platforms to identify any instances in which apps elevate privileges for nonprivileged users who use such apps or connection. Eliminate such elevation or find ways to explicitly control and restrict it.