Statements (41)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
Security Principle
|
| gptkbp:alsoKnownAs |
Principle of Least Privilege
|
| gptkbp:appliesTo |
gptkb:Access_Control
gptkb:Computer_Security |
| gptkbp:benefit |
Facilitates auditing and monitoring
Limits spread of malware Minimizes attack surface |
| gptkbp:challenge |
Balancing usability and security
Complexity in large organizations Managing privilege creep |
| gptkbp:defines |
Users, programs, and systems should be granted the minimum levels of access necessary to perform their functions.
|
| gptkbp:enforcedBy |
Security Policies
User Permissions Access Control Mechanisms Privilege Management Tools |
| gptkbp:example |
Applications run with only necessary permissions
Database accounts have only required access Standard users do not have administrator rights |
| gptkbp:goal |
Limit potential damage from accidents or attacks
Reduce security risks |
| https://www.w3.org/2000/01/rdf-schema#label |
Least Privilege Principle
|
| gptkbp:originatedIn |
gptkb:Saltzer_and_Schroeder's_1975_paper
|
| gptkbp:recommendation |
gptkb:NIST
gptkb:ISO/IEC_27001 gptkb:CIS_Controls |
| gptkbp:relatedTo |
gptkb:Role-Based_Access_Control
gptkb:Separation_of_Duties Access Control System Zero Trust Security Model |
| gptkbp:usedIn |
Cloud Computing
Network Security Operating Systems Application Security Database Management |
| gptkbp:violatedBy |
Granting excessive permissions
Not revoking access when no longer needed Using shared privileged accounts |
| gptkbp:bfsParent |
gptkb:Privilege_Escalation
gptkb:Identity_and_Access_Management gptkb:Broken_Access_Control |
| gptkbp:bfsLayer |
6
|