Encyclopedia

least privilege

Also found in: Medical.

least privilege

A basic principle in information security that holds that entities (people, processes, devices) should be assigned the fewest privileges consistent with their assigned duties and functions. For example, the restrictive "need-to-know" approach defines zero access by default and then opens security as required. All data in a corporate network would be off-limits except to specific people or groups (see role-based access control).

In contrast, a less-restrictive strategy opens up all systems and closes access as required; for example, allowing employees access to all systems except human resources and accounting, which would be limited to only employees in those departments.
Copyright © 1981-2025 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.
Mentioned in
References in periodicals archive
While common security models should be applied to the cloud as they are on-premises, workloads running in the cloud require new solutions for least access and least privilege that are more dynamic and less reliant on managing shared accounts and static passwords.
Centrify Joins Several Working Groups Within Cloud Security Alliance, Recognizing Key Role of Privilege Management in Cloud Security
Centrify Zero Trust Privilege helps customers grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.
Centrify recognizes key role of privilege management in cloud security
"This official also could not explain why administrators had not applied least privilege controls to the MarAd service account we accessed," according to the report.
U.S. Maritime Agency Found Vulnerable To Cyber Hackers
You can't trust a static password anymore, and every organization should adopt a mindset of "Never Trust, Always Verify, Enforce Least Privilege."
Happy World Password Day: experts share top tips to create secure passwords
There are a set of generally accepted security principles that should be implemented to reduce the risk of cyber-attack, they include: open design, compartmentalization, perimeter defence and minimisation of attack surface, defence in depth, and least privilege.
How we can protect our critical national infrastructure from cyber-attacks
* Privileged Access Management - The management of all privileged access into the Blockchain environment-from operating system to web applications including password management, least privilege access, session management, keystroke logging, and application to application key and password management.
Blockchain securitya,e1/4"Moving beyond the hype
Pairing Avecto with Bomgar's privileged account and session management technology will enable businesses to fully implement the principle of least privilege and defend themselves against threats.
Deal snapshot: BOMGAR CLOSES ACQUISITION OF AVECTO TO EXPAND PRIVILEGED IDENTITY/ACCESS
In the context of protecting personal information, which of the following is the best description of the principle of least privilege?
What's your fraud IQ? Best practices for protecting personally identifiable information
The objective of the Windows File Server Audit/Assurance Program is to ensure that auditors are mitigating network risks, enhancing operating-system security and providing administrator access based on the principle of least privilege, in an effort to ensure that data is properly stored and managed in Windows File servers.
ISACA RELEASES AUDIT AND ASSURANCE PROGRAMS
Copyright © 2003-2025 Farlex, Inc Disclaimer
All content on this website, including dictionary, thesaurus, literature, geography, and other reference data is for informational purposes only. This information should not be considered complete, up to date, and is not intended to be used in place of a visit, consultation, or advice of a legal, medical, or any other professional.