From the course: Certified Information Security Manager (CISM) Cert Prep (2022): 1 Information Security Governance

Need to know and least privilege

- [Narrator] Let's take some time to talk about a few of the key principles of information security. These are the general rules that form the foundation of many of the security controls that we put in place to protect our information and systems. The first of these principles is the concept known as need to know. In organizations that enforce need to know, individuals are not automatically given access to sensitive information simply because they possess the appropriate security credentials and clearance. Instead, access decisions are made on a case-by-case basis. And an individual must demonstrate that they have a valid business need to access information. This need-to-know principle is commonly followed in military and government circles that handle classified information. An extension of the need-to-know principle is the principle of least privilege. Least privilege says that an individual should be assigned the minimum…