Page 1126 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

tasks. The primary purpose is to keep secret information secret. If you
want to keep a secret, the best way is to tell no one. If you’re the only
person who knows it, you can ensure that it remains a secret. If you
tell a trusted friend, it might remain secret. Your trusted friend might
tell someone else—such as another trusted friend. However, the risk of
the secret leaking out to others increases as more and more people
learn it. Limit the people who know and you increase the chances of
keeping it secret.


Need-to-know is commonly associated with security clearances, such
as a person having a Secret clearance. However, the clearance doesn’t
automatically grant access to the data. As an example, imagine that
Sally has a Secret clearance. This indicates that she is cleared to access
Secret data. However, the clearance doesn’t automatically grant her
access to all Secret data. Instead, administrators grant her access to
only the Secret data she has a need-to-know for her job.


Although need-to-know is most often associated with clearances used
in military and government agencies, it can also apply in civilian
organizations. For example, database administrators may need access
to a database server to perform maintenance, but they don’t need
access to all the data within the server’s databases. Restricting access
based on a need-to-know helps protect against unauthorized access
resulting in a loss of confidentiality.


The Principle of Least Privilege


The principle of least privilege states that subjects are granted only
the privileges necessary to perform assigned work tasks and no more.
Keep in mind that privilege in this context includes both permissions
to data and rights to perform tasks on systems. For data, it includes
controlling the ability to write, create, alter, or delete data. Limiting
and controlling privileges based on this concept protects
confidentiality and data integrity. If users can modify only those data
files that their work tasks require them to modify, then it protects the
integrity of other files in the environment.
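
The access decision described above for Sally, together with a least-privilege
check on a database administrator's grants, as an added Python example that is
not from the study guide. The level ordering, dataset names, and privilege names
are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed ordering of classification levels (the page itself only names Secret).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass
class DataSet:
    name: str
    classification: str

@dataclass
class Subject:
    name: str
    clearance: str
    # Datasets administrators have explicitly granted for the subject's job.
    need_to_know: set = field(default_factory=set)

def can_access(subject, dataset):
    """Return (allowed, reason). Clearance is necessary but not sufficient."""
    if LEVELS[subject.clearance] < LEVELS[dataset.classification]:
        return False, "clearance too low"
    if dataset.name not in subject.need_to_know:
        return False, "no need-to-know"
    return True, "cleared and need-to-know"

def excess_privileges(granted, required):
    """Least privilege: privileges held beyond what assigned tasks require."""
    return granted - required

# Constructed sample data.
SALLY = Subject("Sally", "Secret", need_to_know={"project-a"})
PROJECT_A = DataSet("project-a", "Secret")      # Sally's own work
PROJECT_B = DataSet("project-b", "Secret")      # same level, not her job
PROJECT_C = DataSet("project-c", "Top Secret")  # above her clearance

# A DBA needs maintenance rights on the server, not access to the rows.
DBA_REQUIRED = {("hr_db", "backup"), ("hr_db", "restore")}
DBA_GRANTED = DBA_REQUIRED | {("hr_db", "read_rows"), ("hr_db", "delete_rows")}

if __name__ == "__main__":
    for ds in (PROJECT_A, PROJECT_B, PROJECT_C):
        print(ds.name, can_access(SALLY, ds))
    print("revoke:", sorted(excess_privileges(DBA_GRANTED, DBA_REQUIRED)))
```
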



The principle of least privilege relies on the assumption