Statements (41)
Predicate | Object |
---|---|
gptkbp:instanceOf | Security Principle |
gptkbp:alsoKnownAs | Principle of Least Privilege |
gptkbp:appliesTo | gptkb:Access_Control; gptkb:Computer_Security |
gptkbp:benefit | Facilitates auditing and monitoring; Limits spread of malware; Minimizes attack surface |
gptkbp:challenge | Balancing usability and security; Complexity in large organizations; Managing privilege creep |
gptkbp:defines | Users, programs, and systems should be granted the minimum levels of access necessary to perform their functions. |
gptkbp:enforcedBy | Security Policies; User Permissions; Access Control Mechanisms; Privilege Management Tools |
gptkbp:example | Applications run with only necessary permissions; Database accounts have only required access; Standard users do not have administrator rights |
gptkbp:goal | Limit potential damage from accidents or attacks; Reduce security risks |
https://www.w3.org/2000/01/rdf-schema#label | Least Privilege Principle |
gptkbp:originatedIn | gptkb:Saltzer_and_Schroeder's_1975_paper |
gptkbp:recommendation | gptkb:NIST; gptkb:ISO/IEC_27001; gptkb:CIS_Controls |
gptkbp:relatedTo | gptkb:Role-Based_Access_Control; gptkb:Separation_of_Duties; Access Control System; Zero Trust Security Model |
gptkbp:usedIn | Cloud Computing; Network Security; Operating Systems; Application Security; Database Management |
gptkbp:violatedBy | Granting excessive permissions; Not revoking access when no longer needed; Using shared privileged accounts |
gptkbp:bfsParent | gptkb:Privilege_Escalation; gptkb:Identity_and_Access_Management; gptkb:Broken_Access_Control |
gptkbp:bfsLayer | 6 |