What is the practice of giving an employee access to only the resources needed to accomplish their job?
What is the practice of giving an employee access to only the resources needed to accomplish their job?
The practice of giving an employee access to only the resources needed to accomplish their job is known as the principle of least privilege. This principle ensures that users are granted the minimum levels of access – or permissions – needed to perform their job functions.
See also: https://www.ciscopress.com/articles/article.asp?p=2783637 A is the correct answer
ANS: A Least privilege focus on minimizing potential system damage, ensuring that each employee should have minimum resources to perform their task, e.g files, network, application. While, need to know focus on restricting access to sensitive information like personal data, sensitive data, classified document, and providing them with information they need to know to perform their tasks.
A. principle of least privilege
The answer is D. Somewhat related to the principle of least privilege is the concept of “need to know,” which means that users should get access only to data and systems that they need to do their job, and no other. (From Cisco Press)
D is the correct. The Need-to-know security principle: This principle states that a user shall only have access to the information that their job function requires, regardless of their security clearance level or other approvals.
correct