Reference no: EM133401243

Case Study: When it comes to security, many ideas may come to mind. Locks, doors, passwords and many other security means are used to protect sensitive information, however, one particular security method is more useful than most might think. That security method is based on one of the First Principles of cybersecurity, Least Privilege. Least Privilege states that for any given job the least amount of "power" possible should be assigned to complete the task (Payne and Antonia, p.3). For example, a maintenance employee does not need to have access to any and all company records to change a light bulb. They simply need access to certain rooms containing the required electrical breakers and equipment. Another good example is a house key. Although you may trust possibly hundreds of people with your house key, you wouldn't necessarily go around handing out keys to those people. The reason for this when broken down is simply because they don't need to have a key. Only those who live in the house and possibly an emergency contact would need it. In addition, if you were to make hundreds of keys the chances of losing one or having it stolen would increase dramatically. This could then lead to robberies while having to replace all the locks and their keys with new ones to "reset" security, which would be all around rather costly.

Question: All of these ideas apply to cybersecurity in the same way as they do physical security. The least Privilege means fewer people will have access to certain sensitive information and those who do have access have a very valid reason for said access. Usually, once an assignment is complete the access or privilege is then revoked to once again tighten up security. Similar to the house analogy, breaches in cybersecurity can be extremely costly for companies and detrimental if not dangerous for users, which is why Least Privilege is one of the most important means of cybersecurity.