Statements (41)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Security_Principle |
| gptkbp:alsoKnownAs | Principle of Least Privilege |
| gptkbp:appliesTo | gptkb:Access_Control; gptkb:Computer_Security |
| gptkbp:benefit | Facilitates auditing and monitoring; Limits spread of malware; Minimizes attack surface |
| gptkbp:challenge | Balancing usability and security; Complexity in large organizations; Managing privilege creep |
| gptkbp:defines | Users, programs, and systems should be granted the minimum levels of access necessary to perform their functions. |
| gptkbp:enforcedBy | Security Policies; User Permissions; Access Control Mechanisms; Privilege Management Tools |
| gptkbp:example | Applications run with only necessary permissions; Database accounts have only required access; Standard users do not have administrator rights |
| gptkbp:goal | Limit potential damage from accidents or attacks; Reduce security risks |
| gptkbp:originatedIn | gptkb:Saltzer_and_Schroeder's_1975_paper |
| gptkbp:recommendation | gptkb:NIST; gptkb:ISO/IEC_27001; gptkb:CIS_Controls |
| gptkbp:relatedTo | gptkb:Access_Control_System; gptkb:Role-Based_Access_Control; gptkb:Separation_of_Duties; Zero Trust Security Model |
| gptkbp:usedIn | Cloud Computing; Network Security; Operating Systems; Application Security; Database Management |
| gptkbp:violatedBy | Granting excessive permissions; Not revoking access when no longer needed; Using shared privileged accounts |
| gptkbp:bfsParent | gptkb:Privilege_Escalation; gptkb:Identity_and_Access_Management; gptkb:Access_Control_(AC) |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | Least Privilege Principle |