CISSP - Need to know, least privilege and objects/subjects.

CISSP – Need to know, least privilege and objects/subjects.

Post author:Thor Pedersen
Post published:August 17, 2017
Post category:CISSP Certification / CISSP, CISM, CISA, and PMP BLOG / IT security / Updates

Least Privilege and Need to know.
- Least Privilege – (Minimum Necessary Access) Give users/systems exactly the access they need, no more, no less.
- Need to know – Even if you have access, if you do not need to know, then you should not access the data.
Non-repudiation.
- A user can not deny having performed a certain action. This uses both Authentication and Integrity.
Subject and Object.
- Subject – (Active) Most often users, but can also be programs – Subject manipulates Object.
- Object – (Passive) Any passive data (both physical paper and data) – Object is manipulated by Subject.
- Some can be both at different times, an active program is a subject; when closed, the data in program can be object.

Tags: (ISC)², CISSP, CISSP CBK, CISSP Certification, CISSP class, CISSP domains, CISSP Practice questions, CISSP Salary, CISSP study, CISSP training

Thor Pedersen

IT, information security, and project management trainer Best selling CISSP. CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et. Al.

CISSP – Need to know, least privilege and objects/subjects.

Thor Pedersen

You Might Also Like

CISSP Domain 7: Backups

CISM Domain 4: Information Security Incident Management – BIA (Business Impact Analysis).

CISSP – the CIA Triad – Confidentiality!