Mark works as a Security Administrator for TechMart Inc. The company has a Windows-based
network. Mark has gone through a security audit for ensuring that the technical system is secure and
protected. While this audit, he identified many areas that need improvement. He wants to minimize
the risk for potential security threats by educating team members in the area of social engineering,
and providing basic security principle knowledge and he also wants to stress the Con?dentiality,
Integrity, and Availability triangle in his training. For this purpose, he plans to implement the
principle of least privilege. In which of the following way, it will affect his team members?
A.
They are required to ask administrator every time when they want to access resources.
B.
They are granted with a smallest set of privileges to the resources
C.
They are required to log on as administrator to have access to their resources
D.
The current resource access of team members will not change.
Explanation:
The principle of least privilege gives a user only those privileges that are essential to do his/her work.
In information security, computer science, and other fields, the principle of least privilege, is also
known as the principle of minimal privilege or least privilege. It define that in a particular abstraction
layer of a computing environment, every module has to be able to access only the information and
resources that are essential for its legitimate purpose. It needs that each subject in a system be
granted the most restrictive set of privileges required for the authorized tasks.