Did you know Cybrary's video training is FREE? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
In this segment we explore the Principal of Least Privilege and how it impacts users on the network, access to network resources, and the process of establishing security controls to those network resources. You'll learn the benefits of role based access, the differences between rights and permissions, what separation of duties is, the benefits and purpose of establishing rights and permissions based upon role and job function, and how those decisions are made. [toggle_content title="Transcript"] The principle of least privilege dictates that our users be given only the exact amount of permission they need to get their work done, no more no less. You give insufficient, the users be complaining. Lots of calls to your help desk: "I can't do my work." "I can't get my work done." "I don't have this permission." "I don't have that permission." You give the exact amount of permission they need, they can get their job done. You exceed the permissions someone will abuse it. The principle of least privilege dictates that our users get only the exact permission they need to get their job done. Next we have the separation of duties. The principle of separation of duties dictates that critical job functions be broken down into multiple roles. We don't want one person alone carrying out critical job functions from the start to the finish. This could give room for abuse, could give room for fraud, could give room for malpractice so best practice you have 2 or 3 people involved. If person A starts off, person B can pick on and person C could finish up. However, you also need to be careful. You need to watch out for what we call collusion to ensure that these people do not rub their minds together to defeat the principles. Those are 2 very important principles under authorization, where we have this privilege and separation of duties. [/toggle_content]