
Security Basics: The Principle of Least Privilege


Whenever I’m asked about creating a security model for an application or database, I tell folks to follow the Principle of Least Privilege. There are several definitions out there, some wordier than others. Here’s mine:

Give the permissions necessary to do the job. No more. No less.

If this is the basis for your security model, you’re in good shape. I often tie the Principle of Least Privilege to the CIA Triad for information security; I’ll cover the triad itself in another post. For now, it’s enough to know that CIA is an acronym for Confidentiality, Integrity, and Availability, the three properties we want to protect for systems and data. With that as a basis, here’s how the Principle of Least Privilege connects to the CIA triad:

  • The permission to do the job.
  • Nothing more.
      • Threatens confidentiality.
      • Threatens integrity.
  • Nothing less.
      • Threatens availability.
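To make the mapping above concrete, here is an added example (not code from the original post) of a small least-privilege audit: it compares the permissions a job actually needs with the permissions a principal has been granted, and reports every excess permission together with the CIA property it threatens (read access threatens confidentiality, write access threatens integrity) and every missing permission, which threatens availability. The `Permission` type, the `EXCESS_IMPACT` mapping, and the sample order-entry permissions are all constructed for this illustration.

```python
"""Least-privilege audit (added illustration, not from the original post).

Required = what the job needs.  Granted = what the principal actually has.
  granted - required  -> "nothing more" violated: confidentiality/integrity risk
  required - granted  -> "nothing less" violated: availability risk
"""
from dataclasses import dataclass, field


# Which leg of the CIA triad an *excess* permission endangers.
# Read-only rights expose data (confidentiality); anything that can change
# data or code endangers integrity.  Constructed mapping for this example.
EXCESS_IMPACT = {
    "SELECT": "confidentiality",
    "INSERT": "integrity",
    "UPDATE": "integrity",
    "DELETE": "integrity",
    "EXECUTE": "integrity",
    "ALTER": "integrity",
}


@dataclass(frozen=True)
class Permission:
    """One right on one object, e.g. SELECT on dbo.Orders (hypothetical names)."""
    action: str
    target: str


@dataclass
class AuditResult:
    # excess permission -> CIA property it threatens
    excess: dict = field(default_factory=dict)
    # permissions the job needs but does not have
    missing: set = field(default_factory=set)

    @property
    def compliant(self) -> bool:
        """True only when granted == required: no more, no less."""
        return not self.excess and not self.missing


def audit(required: set, granted: set) -> AuditResult:
    """Compare granted rights against required rights."""
    result = AuditResult()
    for perm in granted - required:
        # Unknown actions are treated as able to change state (integrity).
        result.excess[perm] = EXCESS_IMPACT.get(perm.action, "integrity")
    result.missing = required - granted
    return result


def threatened_properties(result: AuditResult) -> set:
    """Which of Confidentiality, Integrity, Availability the grant endangers."""
    props = set(result.excess.values())
    if result.missing:
        props.add("availability")
    return props


# Constructed sample: an order-entry application account.
REQUIRED = {
    Permission("SELECT", "dbo.Orders"),
    Permission("INSERT", "dbo.Orders"),
    Permission("SELECT", "dbo.Customers"),
}
GRANTED = {
    Permission("SELECT", "dbo.Orders"),
    Permission("INSERT", "dbo.Orders"),
    Permission("DELETE", "dbo.Orders"),    # more than the job needs
    Permission("SELECT", "dbo.Payroll"),   # more than the job needs
    # SELECT on dbo.Customers is missing: less than the job needs
}


def example_audit() -> AuditResult:
    return audit(REQUIRED, GRANTED)


if __name__ == "__main__":
    res = example_audit()
    for perm, prop in sorted(res.excess.items(), key=lambda kv: (kv[0].target, kv[0].action)):
        print(f"EXCESS  {perm.action:7} on {perm.target:14} threatens {prop}")
    for perm in sorted(res.missing, key=lambda p: (p.target, p.action)):
        print(f"MISSING {perm.action:7} on {perm.target:14} threatens availability")
    print("compliant:", res.compliant, "| threatened:", sorted(threatened_properties(res)))
```

Running the sample flags DELETE on dbo.Orders and SELECT on dbo.Payroll as excess, and the missing SELECT on dbo.Customers as an availability problem; swapping in a grant that exactly equals the required set makes `compliant` true. The same comparison works for file-system ACLs or cloud IAM policies once the rights are expressed as (action, target) pairs.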
