Print this chapterPrint this chapter

Access Control Fundamentals

3. Access Control Principles

  • Principle of Least Privilege: States that if nothing has been specifically configured for an individual or the groups, he/she belongs to, the user should not be able to access that resource i.e.Default no access
  • Separation of Duties: Separating any conflicting areas of responsibility so as to reduce opportunities for unauthorized or unintentional modification or misuse of organizational assets and/or information.
  • Need to know: It is based on the concept that individuals should be given access only to the information that they absolutely require in order to perform their job duties.