Security in the Cloud
Published in John W. Rittinghouse, James F. Ransome, Cloud Computing, 2017
John W. Rittinghouse, James F. Ransome
As discussed in Chapter 5, identity and access management is a critical function for every organization, and a fundamental expectation of SaaS customers is that the principle of least privilege is granted to their data. The principle of least privilege states that only the minimum access necessary to perform an operation should be granted, and that access should be granted only for the minimum amount of time necessary [17]. However, business and IT groups will need and expect access to systems and applications. The advent of cloud services and services on demand is changing the identity management landscape. Most of the current identity management solutions are focused on the enterprise and typically are architected to work in a very controlled, static environment. User-centric identity management solutions such as federated identity management, as mentioned in Chapter 5, also make some assumptions about the parties involved and their related services.
System Definition Recommendations and Advanced Concepts
Published in Magan H. Arthur, Expanding a Digital Content Management System, 2013
The distinction between privileges and permissions is common knowledge for system administrators of larger IT networks, but it might be new to the business owner of a content management system. Privileges define what users or user groups can do (read, edit, delete, download, version, and such). Permissions are assigned to the file or asset or any grouping of content. Permissions define what users or user groups are allowed to do with those assets. It is the combination of what a user can do and what a user is allowed to do that ultimately governs the rules.
Organizational Systems Security
Published in Sharon Yull, BTEC National for IT Practitioners: Core Units, 2009
On a networked system various privilege levels can be set up to restrict users’ access to shared resources such as files, folders, and printers and other peripheral devices. A password system can also be implemented to divide levels of entry according to job role and information requirements. For example, a finance assistant may need access to personnel data when generating the monthly payroll. Data about employees, however, may be password protected by personnel in the human resources department, so special permissions may be required to gain entry to this data.
Least Privilege across People, Process, and Technology: Endpoint Security Framework
Published in Journal of Computer Information Systems, 2022
Miloslava Plachkinova, Kenneth Knapp
General information security models often recommended by industry professionals include time-based security, defense-in-depth, baseline security, principle of least privilege, perimeter hardening, zero-trust, and intrusion detection/prevention. The principle of least privilege ensures that every user and system program should be given the least set of rights necessary to complete a job or task and nothing more [5]. This principle can be applied to minimize the number of interactions among programs and users so that abuses or excessive privileges are less likely to occur. As a result, this principle limits the damage resulting from a security incident whether malicious or unintentional. The military security clearance rule of ‘need-to-know’ is an example of this principle. Applied to the endpoint, if a user does not have a ‘need-to-use’ a particular application, it should be restricted. The current paper exclusively uses the principle of least privilege as a general security model for promoting endpoint security in organizations. The proposed solution provides a holistic approach because we look into this principle from different aspects within an organization.
Flexible, decentralised access control for smart buildings with smart contracts
Published in Cyber-Physical Systems, 2022
Leepakshi Bindra, Kalvin Eng, Omid Ardakanian, Eleni Stroulia
Access control regulates what resources users may use, based on their assigned privileges. In principle, there are three general mechanisms for reasoning about what permissions should be given to a user. Extensions to these paradigms include risk-aware access control which associates a cost to providing access, and access control using building information models (BIMs) which incorporates the knowledge of building into access control.