


What Is the Principle of Least Privilege?

Information security is a complex, multifaceted discipline built upon many foundational principles. The three most important - confidentiality, integrity, and availability (the CIA triad) - are considered the goals of any information security program. A supporting principle that helps organizations achieve these goals is the principle of least privilege. The principle of least privilege addresses access control and states that an individual should have only the minimum access privileges necessary to perform a specific job or task and nothing more. So, an employee whose job entails processing payroll checks would only have access to that specific function in a payroll application but would not have administrative access to the customer database. Similarly, to do their jobs, a marketing specialist does not need access to employee salary data, an entry-level government worker should not have access to top-secret documents, and a finance specialist should not be able to edit application source code. Most of us are familiar with the concept of restricting access and see or practice variations of this principle in everyday life.
