loginpolt.blogg.se

Principle of least privilege in security







Least privilege and separation of duties are two related IT security concepts that are critical in the prevention of fraud and other abuses by employees and other authorized system users. The two principles are part of the broader topic of access control, which addresses how user permissions are restricted to help ensure a secure environment.

Known as insider threats, the ways that authorized users can cause mischief make a sobering list. The crimes include fraud, theft of company secrets, system sabotage and espionage. The State of Cybercrime Survey from Carnegie Mellon University’s CERT Division found that 1 in 5 cyber attacks come from insiders. More important, almost half (43%) of survey respondents said that insider attacks were more costly or damaging than outsider attacks.

The principle of least privilege says that an individual should be given the bare minimum access needed to perform their job functions. Consider a budget analyst who needs to review payroll information to complete a quarterly report. The analyst never needs to make any updates to the payroll data. That employee should have read-only privileges to payroll.

Least privilege is a principle that is applied to both data and system functions. When we think of data privileges, we are typically thinking of the ability to view information (read) and to change information (write), as well as creating and deleting records and files.

In today’s networks, users access data in many different ways. Some information is stored in files and folders on network drives, with permissions set by system administrators using the operating system tools. Some information will be stored in content management and sharing systems that might have similar functionality to network drives, but permissions are managed using administrative tools provided by the management system itself. Much of an organization’s data is likely to be managed and accessed through software interfaces, such as an accounting or inventory management program.

Most organizations use many different programs from a variety of vendors. Each program will have its own security model. One program might enable privileges to be set on individual fields, while another might have privileges set on a screen-by-screen or module basis.
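The budget analyst scenario above, as an added example that is not part of the original article: a default-deny check enforced at the database connection, using SQLite's authorizer hook as a stand-in for an application's own security model. The role names, the payroll table and its rows, and the helper functions are assumptions made for illustration.

```python
import sqlite3

# Hypothetical roles for this example. Each role lists, per table, only the
# privileges the job needs; anything absent is denied (default deny).
ROLE_PRIVILEGES = {
    "budget_analyst": {"payroll": {"read"}},
    "payroll_clerk": {"payroll": {"read", "write"}},
}

# SQLite authorizer action codes mapped to the read/write privileges above.
ACTION_KIND = {
    sqlite3.SQLITE_READ: "read",
    sqlite3.SQLITE_INSERT: "write",
    sqlite3.SQLITE_UPDATE: "write",
    sqlite3.SQLITE_DELETE: "write",
}


def make_authorizer(role):
    granted = ROLE_PRIVILEGES.get(role, {})  # unknown role: no privileges

    def authorizer(action, table, _column, _db, _source):
        if action == sqlite3.SQLITE_SELECT:  # the SELECT statement itself;
            return sqlite3.SQLITE_OK         # each column read is checked below
        kind = ACTION_KIND.get(action)
        if kind is not None and kind in granted.get(table, set()):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY           # DDL, other tables, ungranted actions

    return authorizer


def open_session(role):
    """Return a connection to a constructed sample database, limited to `role`."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit mode
    conn.execute("CREATE TABLE payroll (employee TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO payroll VALUES (?, ?)",
                     [("alice", 5200), ("bob", 4800)])  # constructed rows
    conn.set_authorizer(make_authorizer(role))  # installed after seeding
    return conn


def try_sql(conn, sql):
    """Run `sql`; return its rows, or 'denied' if SQLite raises an error
    (in this example, an authorizer refusal)."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return "denied"
```

The analyst session can list payroll rows but every UPDATE, DELETE or DROP is refused, and a role missing from the map can do nothing at all, which is the default-deny behaviour least privilege calls for.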







