What is the difference between least privilege and need to know?

seenagapeAugust 5, 2012

A.
A user should have least privilege that restricts her need to know.

B.
A user should have a security clearance to access resources, a need to know about those resources, and least privilege to give her full control of all resources.

C.
A user should have a need to know to access particular resources, and least privilege should be implemented to ensure she only accesses the resources she has a need to know.

D.
They are two different terms for the same issue.

Explanation:
C: Users should be able to access only the resources they need to fulfill the duties of their positions. They also should only have the level of permissions and rights for those resources that are required to carry out the exact operations they need for their jobs, and no more. This second concept is more granular than the first, but they have a symbiotic relationship.

One Comment on “What is the difference between least privilege and need to know?”

joe says:

March 6, 2016 at 12:25 pm

C is correct. A user should have a need to know to access particular resources, and least privilege should be implemented to ensure she only accesses the resources she has a need to know.

0

0

Log in to Reply

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISC Exam Questions

Free ISC2 Study Guide

What is the difference between least privilege and need to know?

One Comment on “What is the difference between least privilege and need to know?”

Leave a Reply Cancel reply