Least Privilege, Separation of Duties, and Need-to-Know

Read this section on access control principles. How would you describe the principle of least privilege, separation of duties, and need-to-know?
  • Principle of Least Privilege: States that if nothing has been specifically configured for an individual or the groups, he/she belongs to, the user should not be able to access that resource i.e.Default no access
  • Separation of Duties: Separating any conflicting areas of responsibility so as to reduce opportunities for unauthorized or unintentional modification or misuse of organizational assets and/or information.
  • Need to know: It is based on the concept that individuals should be given access only to the information that they absolutely require in order to perform their job duties

Source: https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems#Access_Control_Principles
Creative Commons License This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Last modified: Thursday, April 15, 2021, 3:51 PM