Least Privilege, Separation of Duties, and Need-to-Know
Read this section on access control principles. How would you describe the principle of least privilege, separation of duties, and need-to-know?
- Principle of Least Privilege: States that if nothing has been specifically configured for an individual or the groups, he/she belongs to, the user should not be able to access that resource i.e.Default no access
- Separation of Duties: Separating any conflicting areas of responsibility so as to reduce opportunities for unauthorized or unintentional modification or misuse of organizational assets and/or information.
- Need to know: It is based on the concept that individuals should be given access only to the information that they absolutely require in order to perform their job duties
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Last modified: Thursday, April 15, 2021, 3:51 PM