The Principle of Least Privilege

In this segment we explore the Principle of Least Privilege and how it impacts users on the network, access to network resources, and the process of establishing security controls to those network resources. You’ll learn the benefits of role-based access, the differences between rights and permissions, what separation of duties is, the benefits and purpose of establishing rights and permissions based upon role and job function, and how those decisions are made.

Transcript

The principle of least privilege dictates that our users be given only the exact amount of permission they need to get their work done, no more, no less. You give insufficient, the users will be complaining. Lots of calls to your help desk: "I can't do my work." "I can't get my work done." "I don't have this permission." "I don't have that permission." You give the exact amount of permission they need, they can get their job done. You exceed the permissions, someone will abuse it. The principle of least privilege dictates that our users get only the exact permission they need to get their job done.

Next we have the separation of duties. The principle of separation of duties dictates that critical job functions be broken down into multiple roles. We don't want one person alone carrying out critical job functions from the start to the finish. This could give room for abuse, could give room for fraud, could give room for malpractice, so best practice, you have 2 or 3 people involved. If person A starts off, person B can pick on and person C could finish up. However, you also need to be careful. You need to watch out for what we call collusion to ensure that these people do not rub their minds together to defeat the principles. Those are 2 very important principles under authorization, where we have this privilege and separation of duties.
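The two principles from the transcript can be checked mechanically against an access-control inventory. The following is an added example, not part of the lesson: it flags users with too few or too many permissions for their role, users who alone hold every step of a critical function, and recorded runs performed by too few people. All role, permission, user and function names are constructed for illustration.

```python
# Added example; every role, permission and user name below is constructed.
ROLE_REQUIRES = {
    "helpdesk": {"ticket.read", "ticket.update", "password.reset"},
    "payments_clerk": {"payment.create"},
    "payments_approver": {"payment.approve"},
    "payments_releaser": {"payment.release"},
}
# user -> (role, permissions actually granted)
GRANTS = {
    "alice": ("helpdesk", {"ticket.read", "ticket.update", "password.reset"}),
    "bob": ("helpdesk", {"ticket.read"}),
    "carol": ("payments_clerk", {"payment.create", "payment.approve", "payment.release"}),
    "dave": ("payments_approver", {"payment.approve"}),
}
# A critical job function, split into steps that different people should perform.
CRITICAL_FUNCTIONS = {"pay_vendor": ["payment.create", "payment.approve", "payment.release"]}


def audit_least_privilege(role_requires, grants):
    """Return {user: {"missing": set, "excess": set}} for every user whose
    grants are not exactly what the role needs (no more, no less)."""
    findings = {}
    for user, (role, granted) in grants.items():
        required = role_requires[role]
        missing, excess = required - granted, granted - required
        if missing or excess:
            findings[user] = {"missing": missing, "excess": excess}
    return findings


def audit_separation_of_duties(functions, grants):
    """Return (user, function) pairs where one person alone holds every
    permission needed to carry a critical function from start to finish."""
    return sorted(
        (user, name)
        for name, steps in functions.items()
        for user, (_role, granted) in grants.items()
        if set(steps) <= granted
    )


def run_is_separated(steps, performed_by, min_people=2):
    """Check one recorded run: performed_by maps each step to the user who did it.
    Every step must be recorded and at least min_people distinct users involved."""
    if any(step not in performed_by for step in steps):
        return False
    return len({performed_by[s] for s in steps}) >= min_people
```

Neither check can detect collusion between the people involved; that needs review of the recorded activity itself.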