Least Privilege
From MgmtWiki
Full Title or Meme
The Principle of Least Privilege is as old as computer applications to National Security.
Context
If a user is granted administrative privileges on a computer system, any program running as that user has complete control of that system. If the computer is itself highly privileged, the program has all of those high-level privileges as well.
Problems
- Enforce principle of Least Privilege through authorization policies. Minimize unnecessary privileges for identities. Consider privileges assigned to human identities as well as non-person (e.g., software) identities. In cloud environments, non-person identities (service accounts or roles) with excessive privileges are a key vector for lateral movement and data access. Account privileges should be clearly defined, narrowly scoped, and regularly audited against usage patterns.[1]
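One way to audit granted privileges against usage patterns, as described above. This is an added example, not part of the original page or the CISA advisory; the identity names, permission strings and log format are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: identity -> (kind, granted permissions).
GRANTS = {
    "alice": ("human", {"storage:read", "storage:write"}),
    "svc-backup": ("service", {"storage:read", "storage:write", "iam:*", "compute:start"}),
    "svc-report": ("service", {"storage:read"}),
    "svc-legacy": ("service", {"db:admin"}),
}

# Constructed access-log lines: "<date> <identity> <permission exercised>".
ACCESS_LOG = """\
2024-05-01 alice storage:read
2024-05-02 alice storage:write
2024-05-02 svc-backup storage:read
2024-05-03 svc-backup storage:write
2024-05-03 svc-report storage:read
"""

def used_permissions(log_text):
    """Collect the set of permissions each identity actually exercised."""
    used = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess at their meaning
        _, identity, permission = parts
        used[identity].add(permission)
    return used

def matches(grant, permission):
    """A grant ending in '*' covers every permission sharing its prefix."""
    if grant.endswith("*"):
        return permission.startswith(grant[:-1])
    return grant == permission

def audit(grants, log_text):
    """Flag grants never exercised and wildcard grants, for human and non-person identities."""
    used = used_permissions(log_text)
    findings = {}
    for identity, (kind, granted) in grants.items():
        exercised = used.get(identity, set())
        wildcards = sorted(g for g in granted if g.endswith("*"))
        unused = sorted(g for g in granted if not any(matches(g, p) for p in exercised))
        if unused or wildcards:
            findings[identity] = {"kind": kind, "unused": unused, "wildcards": wildcards}
    return findings

if __name__ == "__main__":
    for name, report in audit(GRANTS, ACCESS_LOG).items():
        print(name, report)
```

Unused grants are candidates for removal, and wildcard grants are candidates for replacement with the explicit permissions the identity actually exercises.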
Applications
References
- [1] CISA 2021 Trends Show Increased Globalized Threat of Ransomware. (2022-02-10) https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-040a