medium
Single Answer
Myrsini was recently hired as the first chief information security officer (CISO) for a local government agency. The agency recently suffered a security breach and is attempting to build a new information security program. Myrsini would like to apply some best practices for security operations as she is designing this program. As Myrsini decides what access permissions she should grant to each user, what principle should guide her decisions about default permissions?
Answer Options
A. Segregation of duties
B. Least privilege
C. Privilege creep
D. Separation of privileges
Correct Answer: B
Explanation
Myrsini should follow the least privilege principle and assign users only the permissions they need to perform their job responsibilities. Privilege creep is a term used to describe the unintentional accumulation of privileges over time. Segregation of duties and separation of privileges are principles used to secure sensitive processes.