Administrative management is a very important piece of operational security. One aspect of administrative management is dealing with personnel issues. This includes separation of duties and job rotation. The objective of separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way.
Separation of duties helps prevent mistakes and minimize conflicts of interest that can take place if one person is performing a task from beginning to end.
Job rotation means that, over time, more than one person fulfills the tasks of one position within the company.
Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more.
Another way to protect resources is enforcing need to know, which means we must first establish that an individual has a legitimate, job role–related need for a given resource.
Mandatory vacations are another type of administrative control, though the name may sound a bit odd at first.
Security and Network Personnel
The following list lays out tasks that should be carried out by the security administrator, not the network administrator:
- Implements and maintains security devices and software
- Carries out security assessments
- Creates and maintains user profiles and implements and maintains
- Configures and maintains security labels in mandatory access control (MAC) environments
- Manages password policies
- Reviews audit logs
