dc
Radina99
Discussion.docxDiscussion-1 150 words Every program and a user who utilizes a system should function utilizing the least set of privileges required for completing the job. Mainly, the principles minimized the damage that can be a result of an accident or an error. The principle also minimizes the number of plausible interactions between privileged programs in order to the least for the right operation, which will ensure that unwarranted use of the privileges doesn’t transpire. If any question associated with the improper use of a privilege emerges, there will be a reduction in the number of programs that are to be audited. For instance, if a technique can furnish firewalls, then the principle of least privilege furnishes an explanation on where to place the firewalls. The security role of ‘need to know’ adopted by the military is seen as an instance of the principle of least privilege (Schneider, 2013).
The best practices for implementing the principles of least privilege include minimizing account privileges depending on the necessities of the job. Here, every user should have a least-privileged account, allowing the user to carry out the necessary tasks as needed for their job. It is also important for minimizing the privileges for non-human user accounts like service accounts. To transpire, it is important to review and evaluate the vendor documentation for understanding the minimum privileges needed for each application. If it is required to have administrative access to the application server, the organizations should be careful in their endeavors (Schneider, 2013).
It would be a robust practice for testing the application before implementing it, so it becomes possible to test different configurations. It is also vital to periodically review access rights to ensure the principle is adhered to and make changes if necessary. For instance, there will be a change of roles in the organization’s employees, so it is vital to add or remove privileges for reducing risks. According to the DHS, the principle of least privilege should be implemented by every organization as part of their security strategy to limit user access to the means and resources required for completing their tasks (Ma et al., 2016). The DHS stresses the vitality of employing the policy to all the organizations' assets and resources. They suggest the employment of application whitelisting and local administrative permission for realizing a robust principle of least privilege policy. Whitelisting aids in preventing unwarranted software from operating on the system.
Moreover, the principles of least privilege are primarily employed while administrating the systems. The principle focuses on reducing risks by minimizing the number of users who can access the vital system security controls. For instance, it results in the controlling and regulation of the users that can enable or disable the security controls and features of a system or modify user accounts' privileges. A robust practice is to establish numerous administrators, each with limited access to security assets, instead of having a single person having comprehensive access to everything. Role-based access controls should be applied to the user accounts based on their job requirements; then the users will be given the least amount of privileges to carry out their tasks and moreover will have access only to the information that they need to complete their job (Ma et al., 2016).
References
Ma, X., Li, R., Lu, Z., Lu, J., & Dong, M. (2016). Specifying and enforcing the principle of least privilege in role‐based access control. Concurrency and Computation, 23(12), 1313-1331. https://doi.org/10.1002/cpe.1731
Schneider, F. (2013). Least privilege and more. IEEE Security and Privacy Magazine, 1(5), 55-59. https://doi.org/10.1109/MSECP.2003.1236236
Discussion-2 150 words
Without fail, the team has to secure the data of the attack by reacting very quickly; how hackers must hack the Windows server message block must be estimated by it and also how to unlock it and how to save the pirates. To the maintenance of law enforcement duties from the back seat, DHS must go that are part of the investigation, but by bringing a clear picture in mind to criminal investigations the technical experts should be aware. In the DHS by security experts of information, this is the major role to be played. Protecting DHS from online threats is the next step. With a quarter of a million employees, a most important part of the federal government is DHS. To prevent attacks DHS should also ensure seek ways. In this case, deception is the technique they should consider. The establishment of the network can develop an imitation is implied by this in which hackers can focus on thought is the real system.
To maintain a peaceful and quiet location it is preferable that they are trying since the attack has already occurred while notifying the public of the need to avoid any kind of speculation. The defense department, the head of power grid infrastructure as well as IT and infrastructure, of all public and financial government institutions are the key officials with which It is considered to hold an emergency meeting from government agencies and relevant people. Establishing the damage and threats caused by such an attack will get help by gathering this. If they try to maintain a peaceful it will be best since the attack has already taken place, and calm situation to avoid any kind of speculation while notifying the public of the need.
References
DHS(2018). DHS CyberSecurity Strategy. Retrieved From,
https://www.dhs.gov/sites/default/files/publications/DHS-Cybersecurity-Strategy_1.pdf
Ncsl(2018). Presidential Executive Order on CyberSecurity. Retrieved From,
Discussion-3 150 words
The least privilege concept refers to a practice of denying access rights to computing processes, accounts, and users to only authorized resources needed to conduct routine, legitimate actions (Sanders & Yue, 2019). Privilege refers to having the permission to bypass various security restrictions. When this practice is applied to individuals, it is known as the least privilege principle. Giving the smallest amounts of user rights, or minimal clearance level, helps users conduct their duties. However, the practice of least privilege is also applied to devices like IoT, systems, applications, and processes, in a way that every aspect has only the authorization needed to conduct a given activity.
I would like to work at Amazon. It is a technology company that operates internationally and deals with Artificial Intelligence, digital streaming, cloud computing, and e-commerce. In such a multinational organization, implementing different states of Least Privileges is essential. To achieve this, I would first evaluate the systems since some delegation or privilege assignments to individuals are based on role-based attributes like business units and parameters such as time, exceptional cases, and seniority. Different operating systems have diverse privilege settings in various user accounts, such as standard user and super user accounts (Sanders & Yue, 2019). Hence, these factors would help set up the least privileges in the Amazon organization's respective departments.
In this situation, the DHS should support the least privileged implementation by offering the necessary resources and skilled personnel for the activity. The main goal is to ensure every individual only has access to what he deserves. Thus, it lowers the risk of hacking or giving all individuals access to delicate information of the company (Sanders & Yue, 2019). However, the best practice would involve different administrators with limited access to security patterns instead of using one individual and giving them super user permissions.
Reference:
Sanders, M. W., & Yue, C. (2019, December). Mining least privilege attribute-based access control policies. In Proceedings of the 35th Annual Computer Security Applications Conference (pp. 404-416).
