Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?
A) need-to-know
B) eyes only
C) least privilege
D) separation of duties

Question

Quizplus · Accepted Answer

The principle of least privilege specifies that access to data and resources should be restricted to the minimum necessary to perform assigned tasks. This reduces the risk of unauthorized access, data leakage, and malicious activity. By granting users only the privileges needed to perform their work, organizations can better manage the security of their systems and limit exposure to data breaches. The need-to-know principle focuses more on limiting access to sensitive information only to users who have a legitimate business need for that information, while the eyes-only principle is a type of security marking used to indicate classified material that may only be read by specific individuals with proper clearance. Separation of duties is a principle of internal control that mandates that critical tasks be divided among multiple people to prevent fraud, errors, and other malicious actions.

Which Access Control Principle Specifies That No Unnecessary Access to Data