Table of Contents for
Preventing Good People from Doing Bad Things: Implementing Least Privilege
by Brian Anderson, John Mutch
Title
Dedication
Contents
About the Authors
Acknowledgments
Introduction
Chapter 1: The Only IT Constant Is Change
Internal vs. External Threats
Privileged Identity Management Demystified
Priv·i·leged i·den·ti·ty
Privileged Accounts are Pervasive and Problematic
People Need Boundaries, Not Walls
Top 10 Reasons to Care About Who Has Privileged Access to Your IT
Federal Mandates for Least Privilege
The Yin and Yang of Security
What To Expect Next
Insiders Examined: The Villains
Insiders Examined: The Heroes
IT Infrastructure Requirements Examined
Compliance and Governance Requirements Examined
Hard and Soft Costs of Apathy Examined
Final Observations and Best Practices Examined
Weighing-In
Chapter 2: Misuse of Privilege Is the New Corporate Landmine
Disgruntled Dave Examined Closer
Accident Prone Annie Examined Closer
More Insider Breaches in the News
Identity Thief Irene Examined Closer
What Hackers Don't Want You To Know About User Privileges
Top Five Excuses for Data Breaches and What They Really Mean
HR and IT—How Security Can Make For Strange Bedfellows
Perhaps It's Time to “Geek Up” HR
Top Ten Reasons Good People Do Bad Things Without Least Privilege
Weighing In
Chapter 3: Business Executives, Technologists, and Auditors Need Least Privilege
Secure Sam Examined Closer
Least Privilege Lucy Examined Closer
Compliance Carl Examined Closer
The Problem Still Exists Between the Keyboard and Chair
The Swiss Cheese Model
Security Is a Team Sport and Least Privilege Is the Team Motto
Weighing In
Chapter 4: Supplementing Group Policy on Windows Desktops
Six Things You Should Know Before Migrating to MS Windows 7
Things You Should Know About MS UAC
Things You Should Know About MS AppLocker
Top Ten Reasons to Implement Least Privilege on Windows Desktops
The “Do-Nothing” Approach
Impact on the Help Desk
Microsoft Published Vulnerabilities
The Wild West
Survey Results Validate Problem
Least Privilege, Architecturally Speaking
Putting Least Privilege into Practice
Desktop Least Privilege in Production
Unpredictable Environments
Weighing In
Chapter 5: Servers Are the Primary Target for Insiders and Hackers Alike
Servers Store the Good Stuff
Server Breaches in the News
Black Market for Server Data
The Architecture of Server Least Privilege
Of WikiLeaks and Servers
WikiLeaks and WikiWar
Why Do You Sudo the Way You Do?
Top Ten Reasons to Implement Least Privilege on UNIX and Linux Servers
More Server Breaches in the News
Case Study: Replacing Sudo in a Production Environment
Vulnerability Scanning Requires Least Privilege
Patching Needs Least Privilege
Privilege Identity Management System Logs Help Spot Other Security Weaknesses
Weighing In
Chapter 6: Protecting Virtual Environments from Hypervisor Sabotage
Virtual Theft
Desktop Virtualization
Desktop Registry and File System Virtualization
The Virtual Shell Game
Controlling Virtual Sprawl with Least Privilege
Top Ten Reasons to Implement Least Privilege for Virtualized Servers
Role-Based Access Control
RBAC Is Not the Same as ACLs
Too Much Trust?
Least Privilege Architecturally Defined for Virtualized Environments
Virtualized Least Privilege Value
Weighing-In
Chapter 7: Secure Multi-Tenancy for Private, Public, and Hybrid Clouds
All Clouds Are Not Created Equal
The Elusive Unicorn
Top Ten Reasons to Implement Least Privilege For Private, Public & Hybrid Clouds
Is the Cloud Inherently Secure or Insecure?
Who's in Charge of Cloud Security?
To the Cloud, or Not
Security in Public Clouds
Trusted Digital Identities
Public Clouds Need Least Privilege
A Rose by Any Other Name
Case Study: Secure Multi-Tenancy in a Private Cloud
Logs in the Cloud
Implementing Least Privilege in the Cloud
Weighing In
Chapter 8: Applications, Databases, and Desktop Data Need Least Privilege, Too
Servers Store the Good Stuff…In Databases
DBA: The Privileged Database User
Database Security Risks
Legacy Applications Are Still Pervasive
Desktops Have Legacy Application Challenges as Well
Desktop DLP Helps Mitigate Different Insider Threats
Compliance Audit Failures
Stolen Fruit
Top Ten Reasons to Implement Least Privilege for Applications and Databases
In the News
Why Give a DAM
DAM Value
Implementing Least Privilege for Databases
Controlling Your Privileged Database Users
Weighing In
Chapter 9: Security Does Not Equal Compliance
GRC Demystified
Governance
Risk
Compliance: The Big C
Case Study: Using Least Privilege to Meet Compliance
The Demand of Compliance Versus the Ease of Open Source
Walk on the Wild Side of a Failed Audit
Case Study: Satisfying Auditing Challenges
Balancing Security, Productivity, and Compliance
The Tradeoffs Between Security and Productivity
Weighing In
Chapter 10: The Hard and Soft Cost of Apathy
Lessons from Jérôme Kerviel
Cyber Crime Can Be Lucrative
How Much Is Your Code Worth?
Lessons from Matt Miszewski
One in 14 Can Cost You $129 Without Least Privilege
Who's To Blame?
Hard Versus Soft Costs
The Soft Cost of Identity Breaches
Case Study: Saving Help-Desk Costs
Trust Alone Is Not an Option
Calculating Your ROI for Least Privilege
Cost-Justifying Least Privilege
Weighing In
Chapter 11: Final Thoughts for Least Privilege Best Practices
Intent Versus Action
Insider Threats Aren't Perpetrated By the Obvious
Preventing Security Storms
Bad Habits to Kick for IT Security
Balance Security and Productivity
Case Study: University Finds Balance
Passwords Authenticate for Least Privilege
Implement Least Privilege Now Not Later
Weighing In
Works Cited
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Index