China
Africa
Explore chapters and articles related to this topic
Security in the Cloud
Published in John W. Rittinghouse, James F. Ransome, Cloud Computing, 2017
John W. Rittinghouse, James F. Ransome
As discussed in Chapter 5, identity and access management is a critical function for every organization, and a fundamental expectation of SaaS customers is that the principle of least privilege is granted to their data. The principle of least privilege states that only the minimum access necessary to perform an operation should be granted, and that access should be granted only for the minimum amount of time necessary.17 However, business and IT groups will need and expect access to systems and applications. The advent of cloud services and services on demand is changing the identity management landscape. Most of the current identity management solutions are focused on the enterprise and typically are architected to work in a very controlled, static environment. User-centric identity management solutions such as federated identity management, as mentioned in Chapter 5, also make some assumptions about the parties involved and their related services.
Security
Published in Vivek Kale, Digital Transformation of Enterprise Architecture, 2019
Once we have authenticated the user in question, authorization enables us to determine exactly what they are allowed to do. Authorization allows us to specify where the party should be allowed or denied access. The principle of least privilege dictates that we should only allow the bare minimum of access to a user—this might be a person, user account, or process—to allow it to perform the functionality needed of it. For example, someone working in a sales department should not need access to data in our internal human resources system in order to do their job.
Communication Techniques
Published in B K Bala, Energy Systems Modeling and Policy Analysis, 2022
There is also a 12-point security practice for securing the other end of smart grid utility companies, which represents the ISO/IEC 27002 Code of Practice for Information Security Control and Management (Bîrleanu et al., 2019): Risk assessment: for the identification and prioritization of risks against the information grid.Security policy: to direct and evaluate the information security plans of utility companies.Organization of information security: an important factor in the successful and correct implementation of a functional information security plan.Asset management: to identify who is responsible for particular assets.Human resources security: information dissemination to the contractors or staff who must assume their responsibility regarding the security of the information that they just acquired.Physical and environment security: protecting critical grid systems and preventing unauthorized access.Communications and operations management: someone must be accountable and respond to the grid’s information systems.Access control: principle of least privilege.Information systems acquisition, development and maintenance: utility companies must ensure that all information security requirements are included while a project is in the requirements step.Information security incident management: methods implemented for the timely identification and containment of information security incidents.Business continuity management: utility companies must hold up incidents that affect the continuity of their operations and actionsCompliance with standards and legal requirements.
Split consensus for object security
Published in International Journal of Parallel, Emergent and Distributed Systems, 2023
In a paradigm of this type, a basic problem is to allow subjects to certify possession of access authorizations [6]. Furthermore, consider a subject that holds a given authorization and is aimed at transmitting this authorization to another subject. The transmission mechanism should allow the original subject to reduce the authorization to include only a fraction of the original access rights. A related aspect is authorization review [7], i.e. a subject granted an authorization, and is aimed at retracting the authorization from the recipients. If only a fraction of the access rights is involved in the review, we have an authorization weakening; for all access rights, we have a revocation. Access right reduction and review are especially important to comply with the principle of least privilege: in a secure system, a privilege should be granted to least possible subjects, and each subject should be granted least possible privileges, that is, only those privileges that are necessary for that object at that time to carry out its intended activities [8,9].
Least Privilege across People, Process, and Technology: Endpoint Security Framework
Published in Journal of Computer Information Systems, 2022
Miloslava Plachkinova, Kenneth Knapp
General information security models often recommended by industry professionals include time-based security, defense-in-depth, baseline security, principle of least privilege, perimeter hardening, zero-trust, and intrusion detection/prevention. The principle of least privilege ensures that every user and system program should be given the least set of rights necessary to complete a job or task and nothing more.5 This principle can be applied to minimize the number of interactions among programs and users so that abuses or excessive privileges are less likely to occur. As a result, this principle limits the damage resulting from a security incident whether malicious or unintentional. The military security clearance rule of ‘need-to-know’ is an example of this principle. Applied to the endpoint, if a user does not have a ‘need-to-use’ a particular application, it should be restricted. The current paper exclusively uses the principle of least privilege as a general security model for promoting endpoint security in organizations. The proposed solution provides a holistic approach because we look into this principle from different aspects within an organization.