Introduce Need to know, Least Privilege and Segregation of duties
Need to know, Least Privilege and Segregation of duties
Need to know
The expression 'need-to-know basis' describes restricting access to information or a system considered sensitive to those who need such access, possibly only for a limited period. The owner of the information or system should evaluate who has a specific need to read or modify it, and for how long that access is needed.
Least privilege
The principle of least privilege is the idea that any user, program, or service should have only the bare minimum privileges necessary to perform its function. For example, a user account created for pulling records from a database doesn't need access to file shares.
Segregation of duties
Segregation of duties serves two key purposes. It ensures that there is oversight and review to catch errors, and it helps to prevent fraud or theft, because hiding a fraudulent transaction would require two people to collude.
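The three principles above are easier to see enforced in code than described. The following is an added example, not code from the original page: a small default-deny authorization layer in which every grant is scoped to one resource and may carry an expiry (need to know), a service account receives only the single permission its job requires (least privilege), and a ledger applies a maker/checker rule so that whoever creates a transaction can never be the one to approve it (segregation of duties). All subject names, resource names, the "create"/"approve" actions and the 8-hour window are hypothetical; a fixed clock is used so the example runs offline and the expiry can be shown deterministically.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional


@dataclass(frozen=True)
class Grant:
    """One permission for one subject on one resource, optionally expiring."""
    subject: str
    action: str
    resource: str
    expires: Optional[datetime] = None


class AccessControl:
    """Default deny: a request passes only if a live, exact-match grant exists."""

    def __init__(self, clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self._grants: set = set()
        self._clock = clock  # injectable so tests can move time forward

    def grant(self, subject: str, action: str, resource: str, ttl: Optional[timedelta] = None):
        # Need to know: access can be limited to a period, not granted forever.
        expires = self._clock() + ttl if ttl is not None else None
        self._grants.add(Grant(subject, action, resource, expires))

    def allowed(self, subject: str, action: str, resource: str) -> bool:
        now = self._clock()
        return any(
            g.subject == subject
            and g.action == action
            and g.resource == resource
            and (g.expires is None or now < g.expires)
            for g in self._grants
        )


class PermissionDenied(Exception):
    pass


class SoDViolation(Exception):
    """Raised when the same person would hold both sides of a two-person control."""


@dataclass
class Transaction:
    tx_id: str
    amount: int
    created_by: str
    approved_by: Optional[str] = None


class Ledger:
    """Maker/checker workflow: creating and approving are separate privileges,
    and the creator of a transaction is never allowed to approve it."""

    def __init__(self, ac: AccessControl):
        self.ac = ac
        self.transactions = {}

    def create(self, user: str, tx_id: str, amount: int) -> Transaction:
        if not self.ac.allowed(user, "create", "ledger"):
            raise PermissionDenied(f"{user} may not create transactions")
        tx = Transaction(tx_id, amount, created_by=user)
        self.transactions[tx_id] = tx
        return tx

    def approve(self, user: str, tx_id: str) -> Transaction:
        if not self.ac.allowed(user, "approve", "ledger"):
            raise PermissionDenied(f"{user} may not approve transactions")
        tx = self.transactions[tx_id]
        if tx.created_by == user:
            # Segregation of duties: hiding a bad transaction now needs two colluders.
            raise SoDViolation(f"{user} cannot approve their own transaction {tx_id}")
        tx.approved_by = user
        return tx


def demo() -> dict:
    # Constructed scenario with a controllable clock (hypothetical names throughout).
    t = [datetime(2024, 1, 1, tzinfo=timezone.utc)]
    ac = AccessControl(clock=lambda: t[0])

    # Least privilege: the reporting service reads one table and nothing else.
    ac.grant("svc-reporting", "read", "db:records")
    # Need to know: a contractor can read the audit log for 8 hours only.
    ac.grant("contractor", "read", "audit:log", ttl=timedelta(hours=8))
    # Alice can both create and approve in general, but not on her own transactions.
    ac.grant("alice", "create", "ledger")
    ac.grant("alice", "approve", "ledger")
    ac.grant("bob", "approve", "ledger")

    results = {}
    results["svc_reads_db"] = ac.allowed("svc-reporting", "read", "db:records")
    results["svc_reads_share"] = ac.allowed("svc-reporting", "read", "fileshare:finance")
    results["contractor_now"] = ac.allowed("contractor", "read", "audit:log")
    t[0] += timedelta(hours=9)  # move past the 8-hour window
    results["contractor_later"] = ac.allowed("contractor", "read", "audit:log")

    ledger = Ledger(ac)
    ledger.create("alice", "tx-1", 5000)
    try:
        ledger.approve("alice", "tx-1")
        results["self_approval"] = "allowed"
    except SoDViolation:
        results["self_approval"] = "blocked"
    results["bob_approves"] = ledger.approve("bob", "tx-1").approved_by
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The design point is that the checks are positive and exact: nothing is allowed unless a matching, unexpired grant says so, and the two-person rule is enforced by the ledger itself rather than by trusting that the creator and approver roles happen to be assigned to different people.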