Which statement below is the BEST definition of need-to-know?
A. Need-to-know requires that the operator have the minimum knowledge of the system necessary to perform his task.
B. Need-to-know ensures that no single individual (acting alone) can compromise security controls.
C. Need-to-know grants each user the lowest clearance required for their tasks.
D. Need-to-know limits the time an operator performs a task.
Explanation:
The concept of need-to-know means that, in addition to whatever specific object or role rights a user may have on the system, the user also has the minimum amount of information necessary to perform his job function.
* Answer “Need-to-know ensures that no single individual (acting alone) can compromise security controls.” is separation of duties: assigning parts of tasks to different personnel.
* Answer “Need-to-know grants each user the lowest clearance required for their tasks.” is least privilege: the user has the minimum security level required to perform his job function.
* Answer “Need-to-know limits the time an operator performs a task.” is rotation of duties, wherein the amount of time an operator is assigned a security-sensitive task is limited before being moved to a different task with a different security classification.