Which statement below is the BEST definition of need-to-know?
A.
Need-to-know requires that the operator have the minimum knowledge of the system necessary
to perform his task.
B.
Need-to-know ensures that no single individual (acting alone) can compromise security controls.
C.
Need-to-know grants each user the lowest clearance required for their tasks.
D.
Need-to-know limits the time an operator performs a task.
Explanation:
The concept of need-to-know means that, in addition to whatever specific object or role rights a user
may have on the system, the user has also the minimum amount of information necessary to
perform his job function. * Answer “Need-to-know ensures that no single individual (acting alone)
can compromise security controls.” is separation of duties, assigning parts of tasks to different
personnel. *Answer “Need-to-know grants each user the lowest clearance required for their tasks.”is least privilege, the user has the minimum security level required to perform his job function.
*Answer “Need-to-know limits the time an operator performs a task.” is rotation of duties, wherein
the amount of time an operator is assigned a security-sensitive task is limited before being moved to
a different task with a different security classification.