Least Privilege

From MgmtWiki

Full Title or Meme

The Principle of Least Privilege is as old as the application of computers to National Security: every subject (user, process, or service) should hold only the privileges it needs to complete its task, and no more.

Context

If a user is granted administration privilege on a computer system, any program running as that user inherits complete control of that system. If the computer itself is highly privileged, for example because it holds credentials or network access to other systems, then every program running as that user inherits those privileges as well, so a single compromised application becomes a compromise of everything the machine can reach.

Problems

  • Enforce principle of Least Privilege through authorization policies. Minimize unnecessary privileges for identities. Consider privileges assigned to human identities as well as non-person (e.g., software) identities. In cloud environments, non-person identities (service accounts or roles) with excessive privileges are a key vector for lateral movement and data access. Account privileges should be clearly defined, narrowly scoped, and regularly audited against usage patterns.[1]
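The CISA guidance above asks for privileges that are narrowly scoped and audited against usage patterns. The script below is an added example (not from the original page or from CISA) of that audit for a non-person identity: it takes an over-broad IAM-style policy, compares it with the actions the role was actually observed to perform, reports unused and wildcard grants, and emits a replacement policy that permits only what was used. The account id, role name, bucket, table and log records are constructed for the example; the policy document shape follows the AWS IAM format, but wildcard matching is simplified to `*` and `?`, and collapsing S3 object ARNs to a bucket-wide pattern is an assumption about what is practical to maintain.

```python
"""Audit an IAM-style policy against observed usage and right-size it (example code)."""
import fnmatch
import json
from collections import defaultdict

ACCOUNT = "123456789012"  # hypothetical account id
ROLE = f"arn:aws:iam::{ACCOUNT}:role/report-builder"  # hypothetical non-person identity
ORDERS_TABLE = f"arn:aws:dynamodb:us-east-1:{ACCOUNT}:table/orders"

# Constructed over-privileged policy of the kind often attached to a service account.
OVERPRIVILEGED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},          # all of S3, everywhere
        {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:PutItem",
                                       "dynamodb:DeleteTable"], "Resource": ORDERS_TABLE},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},  # escalation path if unused
    ],
}

# Constructed usage records (principal, action, resource) for the review window,
# as one would extract from CloudTrail or an equivalent audit log.
USAGE_LOG = [
    (ROLE, "s3:GetObject", "arn:aws:s3:::reports-bucket/2024/q1.csv"),
    (ROLE, "s3:GetObject", "arn:aws:s3:::reports-bucket/2024/q2.csv"),
    (ROLE, "s3:PutObject", "arn:aws:s3:::reports-bucket/out/summary.csv"),
    (ROLE, "dynamodb:GetItem", ORDERS_TABLE),
]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def grants(policy):
    """Yield (action_pattern, resource_pattern) for every Allow statement."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt["Action"]):
            for resource in _as_list(stmt["Resource"]):
                yield action, resource


def matches(pattern, value, ignore_case=False):
    """Wildcard match supporting '*' and '?' only; '[' is escaped so fnmatch treats it literally."""
    escaped = pattern.replace("[", "[[]")
    if ignore_case:  # IAM action names are case-insensitive
        escaped, value = escaped.lower(), value.lower()
    return fnmatch.fnmatchcase(value, escaped)


def is_allowed(policy, action, resource):
    return any(matches(a, action, True) and matches(r, resource) for a, r in grants(policy))


def audit(policy, usage, principal):
    """Compare what the policy grants with what the principal actually used."""
    used = {(act, res) for p, act, res in usage if p == principal}
    exercised = {(a, r) for act, res in used for a, r in grants(policy)
                 if matches(a, act, True) and matches(r, res)}
    all_grants = set(grants(policy))
    return {
        "used_actions": sorted({act for act, _ in used}),
        "unused_grants": sorted(all_grants - exercised),
        # service-wide action wildcards or an unrestricted resource
        "wildcard_grants": sorted((a, r) for a, r in all_grants if "*" in a or r == "*"),
        "uncovered_usage": sorted((act, res) for act, res in used
                                  if not is_allowed(policy, act, res)),
    }


def scope_resource(arn):
    """Assumption: per-object S3 grants are too narrow to maintain, so scope to the bucket."""
    prefix = "arn:aws:s3:::"
    if arn.startswith(prefix) and "/" in arn:
        bucket = arn[len(prefix):].split("/", 1)[0]
        return f"{prefix}{bucket}/*"
    return arn


def right_size(policy, usage, principal):
    """Build a replacement policy granting only the actions the principal was seen to use."""
    by_action = defaultdict(set)
    for p, act, res in usage:
        if p == principal:
            by_action[act].add(scope_resource(res))
    new_policy = {
        "Version": policy.get("Version", "2012-10-17"),
        "Statement": [{"Effect": "Allow", "Action": act, "Resource": sorted(rs)}
                      for act, rs in sorted(by_action.items())],
    }
    # Regression checks: every observed call still works, and no wildcard grants remain.
    assert all(is_allowed(new_policy, act, res) for p, act, res in usage if p == principal)
    assert not audit(new_policy, usage, principal)["wildcard_grants"]
    return new_policy


if __name__ == "__main__":
    print(json.dumps(audit(OVERPRIVILEGED_POLICY, USAGE_LOG, ROLE), indent=2))
    print(json.dumps(right_size(OVERPRIVILEGED_POLICY, USAGE_LOG, ROLE), indent=2))
```

The audit distinguishes two findings a reviewer should treat differently: `iam:PassRole` on `*` and `dynamodb:DeleteTable` were never exercised and can be removed outright, while `s3:*` was exercised but only through `GetObject` and `PutObject` on one bucket, so it is replaced rather than dropped. The regression assertions at the end of `right_size` are the check that matters in practice: a tightened policy that breaks the workload will be reverted to the broad one, so prove it still covers the observed usage before applying it.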

Applications

References

  1. CISA, 2021 Trends Show Increased Globalized Threat of Ransomware, Cybersecurity Advisory AA22-040A (2022-02-10). https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-040a