8.4. Enforcing Privilege Management

Privilege management involves making decisions about what information is accessed, how it's accessed, and who is authorized to access it. Unlike hardware access control, these concerns deal with policy and implementation issues. Additionally, the issue of auditing is a key factor: You should ensure that your organization doesn't provide more access or privileges than individuals need to do their work.

The following sections cover user and group roles, privilege escalation, single sign-on initiatives, auditing, and access control. Each of these considerations can be used to form an effective and coherent privilege management process. These processes allow users to gain access to the information they need, to ...

Get CompTIA Security+™ Deluxe: Study Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.