Which of the following should NOT be performed by an operator?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: D.
Under the principle of separation of duties, an operator should not be performing data entry.
This should be left to data entry personnel.
System operators represent a class of users typically found in data center environments where mainframe systems are used.
They provide day-to-day operations of the mainframe environment, ensuring that scheduled jobs are running effectively and troubleshooting problems that may arise.
They also act as the arms and legs of the mainframe environment, load and unloading tape and results of job print runs.
Operators have elevated privileges, but less than those of system administrators.
If misused, these privileges may be used to circumvent the systems security policy.
As such, use of these privileges should be monitored through audit logs.
Some of the privileges and responsibilities assigned to operators include: Implementing the initial program load: This is used to start the operating system.
The boot process or initial program load of a system is a critical time for ensuring system security.
Interruptions to this process may reduce the integrity of the system or cause the system to crash, precluding its availability.
Monitoring execution of the system: Operators respond to various events, to include errors, interruptions, and job completion messages.
Volume mounting: This allows the desired application access to the system and its data.
Controlling job flow: Operators can initiate, pause, or terminate programs.
This may allow an operator to affect the scheduling of jobs.
Controlling job flow involves the manipulation of configuration information needed by the system.
Operators with the ability to control a job or application can cause output to be altered or diverted, which can threaten the confidentiality.
Bypass label processing: This allows the operator to bypass security label information to run foreign tapes (foreign tapes are those from a different data center that would not be using the same label format that the system could run)
This privilege should be strictly controlled to prevent unauthorized access.
Renaming and relabeling resources: This is sometimes necessary in the mainframe environment to allow programs to properly execute.
Use of this privilege should be monitored, as it can allow the unauthorized viewing of sensitive information.
Reassignment of ports and lines: Operators are allowed to reassign ports or lines.
If misused, reassignment can cause program errors, such as sending sensitive output to an unsecured location.
Furthermore, an incidental port may be opened, subjecting the system to an attack through the creation of a new entry point into the system.
Reference(s) used for this question: Hernandez CISSP, Steven (2012-12-21)
Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 19367-19395)
Auerbach Publications.
Kindle Edition.
Which of the following should be performed by an operator? A.
Changing profiles -
B.
Approving changes -
C.
Adding and removal of users -
D.
Installing system software - Of the listed tasks, installing system software is the only task that should normally be performed by an operator in a properly segregated environment.
Source: MOSHER, Richard & ROTHKE, Ben, CISSP CBK Review presentation on domain 7.
An operator is a person responsible for the day-to-day management of a computer system. They are tasked with performing various duties such as monitoring system performance, ensuring backups are performed, and controlling job flow. However, there are some tasks that should not be performed by an operator.
A. Implementing the initial program load: This task involves loading the initial operating system onto a computer system. It requires a deep understanding of the system architecture and should be performed by a skilled technician. Operators may not have the necessary knowledge to perform this task, and attempting to do so could lead to system failure. Therefore, this task should not be performed by an operator.
B. Monitoring execution of the system: This is a critical task performed by operators. They are responsible for monitoring the system's performance, identifying potential issues, and taking appropriate action to resolve them.
C. Data entry: Operators may be responsible for entering data into the system, such as updating user accounts or inputting system parameters. This is a routine task that can be performed by an operator.
D. Controlling job flow: Operators are responsible for managing job flow, ensuring that jobs are run in the correct sequence and that they do not interfere with each other. This is an important task that requires attention to detail and good judgment.
In summary, the task that should not be performed by an operator is A. Implementing the initial program load. This task requires specialized knowledge that operators may not possess, and attempting to perform it could lead to system failure.