2.7.5 Privileged User Management | 
---|---
Privileged User Management: | Dedicated servers cost more than shared virtual tenancy, but they do not share hardware with other tenants and so are more secure. Server racks are located in multiple UK Internet backbone data centres: physically secure buildings that admit no visitors. Each physical location is configured in a three-tier architecture (3TA) of web servers, application servers and database servers. Web servers run a Single Program Application Stack (SPAS), so the attack surface exposed to the Internet is kept to a minimum. Replicated data is stored in encrypted databases, and replication messages are switched between data centres through encrypted tunnels, so multiple remote copies of the data always exist. Pass phrases are assigned to all authorized users so that a pass phrase cannot also be in use on another application that may be compromised and leak it. The sign-in service has many layers of security, including blacklisting that refuses further attempts after 3 failed guesses at an authorized user's pass phrase. |
Privileged User Precautions: | 1. Must not use a mobile phone: every phone call is recorded and can be used to map your community of associates. 2. Must not use email: every email is recorded and builds a pattern of who you communicate with. 3. Must not use Facebook: that data identifies your followers, and you are judged guilty by association. 4. Must not use Twitter, LinkedIn, etc.: what you once said will be used against you one day. |
Privileged User Management: | 1. A mobile phone is for outgoing emergency calls only, and only one trusted person knows its number; land lines are treated as far more secure. 2. Shared encrypted messages have replaced email for everybody who can sign in; emails to others are private acknowledgements only. 3. Facebook is a corporate billboard on which approved marketing messages are published, and it is an intelligence-gathering tool. 4. LinkedIn is a private recruiting tool used to gather intelligence about others; no private data can be published there and remain private. |
Pass Phrase: | The ASP has moved on from simplistic login facilities to a very secure sign-in service with many layers of security. A simple login may have been good enough in the past, but it is no longer fit for purpose, and much stronger sign-in services are mandated for user authentication. The ASP assigns all user pass phrases so that the assigned pass phrase is not the same password the user has given to another application that may be hacked, with all of its user profile data then made available to criminals. When Sony had 75 million user names, email addresses and passwords stolen, it became clear that user-chosen pass phrases were no longer good enough to stay one step ahead of the cyber criminal. Any company that permits a user to reuse the same password across its business applications and the user's private applications is gambling that none of those private applications will be hacked and the password made available to criminals. The ASP will not gamble with user authentication: it assigns strong pass phrases that differ from whatever the user has for Facebook and Gmail. Every pass phrase consists of at least two upper case characters, two lower case characters, two numbers and two symbols, arranged in a memorable phrase of at least 12 and at most 64 characters. The terms "password" and "login" are obsolete here; "pass phrase" and "sign in" are used instead. |
Risk Management: | Cloud application services can be much more secure than traditional client-server software solutions. The physical security of UK Internet backbone data centres can be much better than that of racks of servers in a company office. Disregard all (cheap) shared services and adopt dedicated (more expensive) infrastructure services. |
Maturity: | Amazon EC2 with a separate external security audit delivered as Security as a Service (SECaaS). |
Cloud Based E-Mail: | IBM Lotus Notes, Gmail, Hotmail. Data leakage is monitored through a web security as a service. Federal government now uses these cloud-based email services; they can be made secure. |
Monitoring Management: | Continual security management with 24/7 monitoring, reported in an open and transparent way. Security is a hybrid cloud solution. Only suitable where a proxy can be installed on the computer. |
Super user privilege management: | Separation of duties. Authentication is delivered as a web service using ordinary application facilities, avoiding special system administration facilities. |
Privileged User Separation of Roles: | Compliance management demands that no single privileged user has the right to approve, change, validate and monitor a change to an operational application service. At least 3 people must be involved in any privileged service change, so an unauthorized change cannot be committed by one person acting alone: a fraud would require a conspiracy. |
Privileged User Management: | 1. A Change Manager (3.1) is assigned the right to authorize a service change, but does not have the right to make that change. 2. An Information Engineer (3.3) is assigned the right to make the authorized service change, but does not have the right to authorize it. The Information Engineer informs the Change Manager and the Validation Manager when the authorized service change has been made. 3. A Validation Manager (3.5) is assigned the right to validate the authorized service change, but does not have the right to authorize or make it. The Validation Manager confirms to the Change Manager that the authorized service change, and nothing but the authorized service change, has been made. |
Privileged User Roles: | 1. The application service is configured as a set of components, and each component has its own release version control and archive. 2. The Change Manager (3.1) identifies the specific component scheduled to be changed; that component is copied from the operational environment to an archive and to a development environment, where it may be changed by an Engineer. 3. The Information Engineer (3.3) is scheduled to make the approved service change to the component in the assigned development environment; the engineer has no access to other components or other environments. 4. The Validation (and Deployment) Manager (3.4 + 3.5) validates the approved change in the development environment and schedules its migration back to the operational environment; only the authorized component is migrated back. 5. In the event of an operational issue, the Operations Manager (4.6) reinstates the archived copy of the component in a few moments and the change cycle can begin again. |
Asset and Configuration Management: | Application service components can be complex hierarchical objects managed by the Service Asset and Configuration Manager (3.6). For example, where a new customer field is to be added, at least 50 different specification components may be directly involved in the authorized improvement request, and because the extra field has a purpose, it may also be reflected as further components in many management information reports. |
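
The "Pass Phrase" row and the sign-in blacklisting described under "Privileged User Management" can be checked and enforced in code. The example below is added here and is not the ASP's own code: it validates a candidate against the stated policy (12 to 64 characters; at least two upper case, two lower case, two digits and two symbols), assigns a compliant phrase, stores only a salted hash, and blacklists the account after 3 failed guesses. The word list, the symbol alphabet, the word-joining construction of a "memorable phrase" and the use of scrypt for hash storage are all assumptions, not details from the page.

```python
"""Assigned pass phrase policy and a sign-in service with a 3-attempt blacklist.

Added example, not the ASP's own code. The policy constants mirror the page
(12 to 64 characters; at least two upper case, two lower case, two digits and
two symbols; blacklisting after 3 failed attempts). The word-list generator,
the symbol alphabet and scrypt storage of the digest are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MIN_LEN, MAX_LEN = 12, 64          # pass phrase length bounds from the page
MIN_PER_CLASS = 2                  # at least two of each character class
SYMBOLS = "!#$%&*+-=?@_"           # symbol alphabet used here (assumption)
MAX_FAILED_ATTEMPTS = 3            # blacklist after this many failed guesses

# Constructed word list used only to make the assigned phrase memorable.
WORDS = ("harbour", "lantern", "copper", "meadow", "signal", "quartz",
         "falcon", "orbit", "timber", "velvet", "glacier", "marble")


def policy_violations(phrase: str) -> list:
    """Return the policy rules a candidate pass phrase breaks (empty list = compliant)."""
    problems = []
    if not MIN_LEN <= len(phrase) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN}, got {len(phrase)}")
    counts = {
        "upper case": sum(c.isupper() for c in phrase),
        "lower case": sum(c.islower() for c in phrase),
        "digit": sum(c.isdigit() for c in phrase),
        "symbol": sum(c in SYMBOLS for c in phrase),
    }
    for name, count in counts.items():
        if count < MIN_PER_CLASS:
            problems.append(f"need at least {MIN_PER_CLASS} {name} characters, got {count}")
    return problems


def generate_passphrase() -> str:
    """Assign a phrase such as 'Harbour-Lantern-copper47!' that satisfies the policy.

    Two capitalised words supply the upper case characters, the two separators
    and the trailing symbol supply the symbols, and two random digits the numbers.
    """
    w1, w2, w3 = (secrets.choice(WORDS) for _ in range(3))
    sep = secrets.choice(SYMBOLS)
    digits = "".join(secrets.choice("0123456789") for _ in range(2))
    phrase = f"{w1.capitalize()}{sep}{w2.capitalize()}{sep}{w3}{digits}{secrets.choice(SYMBOLS)}"
    assert not policy_violations(phrase), "generator must only emit compliant phrases"
    return phrase


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    blacklisted: bool = False


class SignInService:
    """Keeps only salted scrypt digests and blacklists after MAX_FAILED_ATTEMPTS."""

    def __init__(self) -> None:
        self._accounts = {}
        # Decoy account so an unknown user costs the same time as a real one.
        self._decoy = Account(secrets.token_bytes(16), b"\x00" * 64)

    @staticmethod
    def _digest(phrase: str, salt: bytes) -> bytes:
        # scrypt parameters are an assumption: about 16 MiB of memory per guess.
        return hashlib.scrypt(phrase.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=64)

    def assign(self, user: str) -> str:
        """Assign a new compliant pass phrase and keep only its salted digest."""
        phrase = generate_passphrase()
        salt = secrets.token_bytes(16)
        self._accounts[user] = Account(salt, self._digest(phrase, salt))
        return phrase  # handed to the user out of band, never stored in clear

    def sign_in(self, user: str, phrase: str) -> bool:
        """True only for the correct phrase on an account that is not blacklisted."""
        acct = self._accounts.get(user, self._decoy)
        if acct.blacklisted:
            return False
        ok = hmac.compare_digest(self._digest(phrase, acct.salt), acct.digest)
        if acct is self._decoy:
            return False
        if ok:
            acct.failed_attempts = 0
            return True
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.blacklisted = True  # refused from now on, even with the right phrase
        return False

    def is_blacklisted(self, user: str) -> bool:
        return self._accounts[user].blacklisted


if __name__ == "__main__":
    svc = SignInService()
    assigned = svc.assign("alice")
    print("assigned:", assigned, "violations:", policy_violations(assigned))
    for guess in ("wrong1", "wrong2", "wrong3"):
        print(guess, "->", svc.sign_in("alice", guess))
    print("correct phrase after blacklisting ->", svc.sign_in("alice", assigned))
```

Two design points follow from the page's rules. Blacklisting is applied to the account, not the source address, so a distributed guessing campaign still stops at three attempts; and the correct phrase is refused once the account is blacklisted, which is what makes the limit meaningful. The decoy lookup keeps the time taken for an unknown user close to that for a real one, so the service does not reveal which user names exist.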
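
The separation of roles in the "Privileged User Separation of Roles", "Privileged User Management" and "Privileged User Roles" rows is a control that can be enforced rather than merely documented. The example below is added here and is not the ASP's own code: it models the change cycle as a state machine in which a Change Manager (3.1) authorizes a change to one component, an Information Engineer (3.3) may edit only the development copy of that component, a Validation Manager (3.5) who is a third person migrates only that component back, and an Operations Manager (4.6) can reinstate the archived copy. The role codes follow the page; the component names, their contents and the in-memory "environments" are constructed for illustration.

```python
"""Separation of duties for a privileged service change.

Added example, not the ASP's own code. Enforces the change cycle on the page:
authorize (3.1), change the dev copy (3.3), validate and migrate only the
authorized component (3.5), reinstate the archive on failure (4.6). Role codes
follow the page; components and their contents are constructed.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Role(Enum):
    CHANGE_MANAGER = "3.1"
    INFORMATION_ENGINEER = "3.3"
    VALIDATION_MANAGER = "3.5"
    OPERATIONS_MANAGER = "4.6"


@dataclass(frozen=True)
class Principal:
    name: str
    role: Role


class SoDViolation(PermissionError):
    """Raised when an actor's role, or their earlier part in the change, forbids a step."""


@dataclass
class OpenChange:
    component: str
    authorized_by: Principal
    dev_copy: str                        # the engineer's working copy
    changed_by: Optional[Principal] = None


class ChangeControl:
    def __init__(self, operational: Dict[str, str]) -> None:
        self.operational = dict(operational)          # component -> released content
        self.version = {c: 1 for c in operational}    # per-component release version
        self.archive: Dict[str, List[str]] = {c: [] for c in operational}
        self.open: Dict[str, OpenChange] = {}         # at most one open change per component

    @staticmethod
    def _require_role(actor: Principal, role: Role) -> None:
        if actor.role is not role:
            raise SoDViolation(f"{actor.name} ({actor.role.value}) may not act as {role.value}")

    def _open_change(self, component: str) -> OpenChange:
        # An engineer or validator can only touch a component with an authorized open change.
        if component not in self.open:
            raise SoDViolation(f"no authorized change is open for {component}")
        return self.open[component]

    def authorize(self, actor: Principal, component: str) -> OpenChange:
        """Steps 1-2: the Change Manager authorizes; the component is archived and copied to dev."""
        self._require_role(actor, Role.CHANGE_MANAGER)
        if component not in self.operational:
            raise KeyError(component)
        if component in self.open:
            raise SoDViolation(f"{component} already has an open change")
        current = self.operational[component]
        self.archive[component].append(current)
        self.open[component] = OpenChange(component, actor, dev_copy=current)
        return self.open[component]

    def make_change(self, actor: Principal, component: str, new_content: str) -> None:
        """Step 3: the Information Engineer edits the dev copy of the authorized component only."""
        self._require_role(actor, Role.INFORMATION_ENGINEER)
        change = self._open_change(component)
        if actor.name == change.authorized_by.name:
            raise SoDViolation("the authorizer may not also make the change")
        change.dev_copy = new_content
        change.changed_by = actor

    def validate_and_migrate(self, actor: Principal, component: str) -> int:
        """Step 4: a third person validates and migrates only this component; returns the new version."""
        self._require_role(actor, Role.VALIDATION_MANAGER)
        change = self._open_change(component)
        if change.changed_by is None:
            raise SoDViolation("nothing has been changed, so there is nothing to validate")
        if actor.name in (change.authorized_by.name, change.changed_by.name):
            raise SoDViolation("the validator must be a third person")
        self.operational[component] = change.dev_copy
        self.version[component] += 1
        del self.open[component]
        return self.version[component]

    def rollback(self, actor: Principal, component: str) -> int:
        """Step 5: the Operations Manager reinstates the archived copy; returns the new version."""
        self._require_role(actor, Role.OPERATIONS_MANAGER)
        if not self.archive[component]:
            raise SoDViolation(f"no archived copy of {component}")
        self.operational[component] = self.archive[component].pop()
        self.version[component] += 1
        return self.version[component]
```

The checks are deliberately two-fold: a role check (an engineer cannot authorize) and an identity check (the same person holding two principals cannot authorize and then change, or change and then validate), so the three signatures on a change always belong to three different people, which is what turns a lone fraud into a conspiracy. The engineer's access is scoped by the open-change table rather than by trust: a component with no authorized change cannot be edited at all.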
|
|