Separation of duties and job rotation: - Least privilege: Means that a system's user should have the lowest level of rights and privileges necessary to perform their work and should only have them for the shortest length of time. - Two-man control: Two operators review and approve the work of each other, to provide accountability and to minimize fraud in highly sensitive or high-risk transactions. - Dual control: Both operators are needed to complete a sensitive task. - Job rotation: The process of limiting the amount of time an operator is assigned to perform a security related task before being moved to a different task with a different security classification.
Trusted Recovery: Ensures that security is not breached when a system crash or other system failure occurs. Is only required for B3 and A1 level systems. - Failure preparation: Backing up all critical files on a regular basis. - System recovery In common criteria three hierarchical recovery types - - Manual recovery - Automated recovery - Automated recovery without undue Loss
Configuration / Change Management Control: Procedures to implement and support change control process: - Applying to introduce a change - Cataloging the intended change - Scheduling the change - Implementing the change - Reporting the change to the appropriate parties
Clipping Levels: Thresholds for certain types of errors or mistakes allowed and the amount of these mistakes that can take place before it is considered suspicious. Once the clipping level has been exceeded, further violations are recorded for review.
Administrative Controls: Controls that are installed and maintained by administrative management to help reduce the threat or impact of violations on computer security. - Personal Security - Employment Screening or Background Checks - Mandatory Taking of Vacation in One Week Increment - Job Action Warnings or Termination - Separation of Duties and Responsibilities - Least Privilege - Need to Know - Change/Configuration Management Controls - Record Retention and Documentation
Record Retention: Data Remanence - Refers to the data left on the media after the media has been erased.
