Preventing Good People From Doing Bad Things
In today’s turbulent technological environment, it’s becoming increasingly crucial for companies to know about the principle of least privilege. These organizations often have the best security software money can buy, with equally developed policies with which to execute them, but they fail to take into account the weakest link in their implementation: human nature. Despite all other efforts, people can sway from what they should be doing.
Preventing Good People from doing Bad Things drives that concept home to business executives, auditors, and IT professionals alike. Instead of going through the step-by-step process of implementation, the book points out the implications of allowing users to run with unlimited administrator rights, discusses the technology and supplementation of Microsoft’s Group Policy, and dives into the different environments least privilege affects, such as Unix and Linux servers, and databases.
Readers will learn ways to protect virtual environments, how to secure multi-tenancy for the cloud, information about least privilege for applications, and how compliance enters the picture. The book also discusses the cost advantages of preventing good people from doing bad things. Each of the chapters emphasizes the need auditors, business executives, and IT professionals all have for least privilege, and discuss in detail the tensions and solutions it takes to implement this principle. Each chapter includes data from technology analysts including Forrester, Gartner, IDC, and Burton, along with analyst and industry expert quotations.
What you’ll learn
- Why unlimited administration rights are a bad thing
- Why least privileges is a good solution
- Effective implementation of least privileges
- Least privileges on Unix and Linux servers
- Issues with Microsoft’s Group Policy
Who this book is for
The audience is segmented into three separate categories, all of which are clearly addressed and weighed-in on in each chapter: the auditor, the businessman, and the IT professional.
Table of Contents
- The Only IT Constant is Change
- Misuse of Privilege is the New Corporate Landmine
- Business Executives, Technologisst and Auditors Need Least Privilege
- Supplementing Group Policy on Windows Desktops
- Servers Are the Primary Target for Insiders and Hackers Alike
- Protecting Virtual Environments from Hypervisor Sabotage
- Secure Multi-Tenancy for Private, Public and Hybrid Clouds
- Applications, Databases, and Desktop Data Need Least Privilege, Too
- Security Does Not Equal Compliance
- The Hard and Soft Cost of Apathy
- Final Thoughts for Least Privilege Best Practices
- Paperback: 220 pages
- Publisher: Apress (October 2011)
- Language: English
- ISBN-10: 1430239212
- ISBN-13: 978-1430239215