ABSTRACT

Operations security is primarily concerned with the protection and control of information processing assets in centralized and distributed environments. The security service of availability is the core goal for operations security. There are a number of processes and techniques that can be implemented to ensure that a system can maintain the desired availability when faced with threats that impact operations. This chapter discusses the concepts and techniques a security practitioner will need to implement to satisfy the availability requirements of a given system. This topic is divided into the following sections:

• Privileged entity controls
• Resource protection
• Continuity of operations
• Change control management

Privileged Entity Controls

This section discusses the assignment of privileges to various classes of system accounts. Operators, system administrators, service accounts, and security administrators have different functions and services. The assignment of privileges among the accounts should follow the concepts of least privilege and separation of duties. Ordinary user accounts, which are given minimal system privileges, are also discussed.