Control Title -> limit transaction privileges from terminal
Objective -> prevent loss or destruction of assets, prevent unauthorized browsing of systems files, prevent "hacking", prevent system crashes caused by unauthorized use of certain system commands
Description -> in addition to controlling resources (files, off-line data storage volumes, etc.), the transactions that a particular user is permitted to initiate are limited. What the system commands that a user can use or is informed of is controlled by the user's job duties. Thus, the system's level and application command, such as reporting who is currently logged into the system, are restricted on a need-to-know basis. Logs may be kept for all attempts to use an authorized system command; this can be used to determine who needs training or perhaps disciplinary action.
Strengths -> prevents users from performing unauthorized acts, including examination of files names of other users and other system-related commands. Without these systems transactions, compromise of the operating system and other such abuses are made significantly harder to accomplish. Because the system commands are monitored and controlled by the computer, they can be sustained and enforced.
Weaknesses -> may unduly restrict users' ability to perform their jobs, especially if the users are programmers. Undue restriction may result in reduced productivity and increased levels of frustration. Determination of what commands should be restricted may be involved and time consuming.
How to Audit -> examine system commands permitted for certain groups of users for reasonableness. Review request for changes in systems command privileges for authorization and need. If available, examine logs for unauthorized attempts to use systems commands that certain users are not permitted to use.
Purpose -> prevention
Control Area -> computer system
Mode -> computer operating system, computer application system
Area of Responsibility -> operations management
Cost -> medium
Principles of Note -> simplicity, least privilege, independence of control and subject, substantiality