Authentication, authorization, and auditing
In most workplaces, different workers perform different jobs, have different information access needs, and therefore require different privileges to manage their access requirements. Management must have some way to trust that only the authorized users are accessing only the content they are authorized to access. To maximize security, most information systems default to a state of no access and then only specifically grant Allow access permissions to provide access. Remember that this granting of allow permissions should always follow the principle of least privilege, allowing only the minimum level of privilege a user must have to perform his assigned work and no more privilege than that.
Before privileges ...
Get CISSP Training Kit now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.