HLS 625: Principles of Least Privilege Information Security

TOPIC: HLS 625 WRITTEN ASSIGNMENT
name
institution
date
1. Describe and explain the principles of least privilege, separation of duties, and two-person control. How do they relate to access control for information security? (Article in section 3.1 on “Security Management”)
These are terms that are applied in security management. They are information security internal control strategies.
The concept of least privilege refers to the process of ensuring that no unnecessary access to data exists. Employees in any organization are able to perform minimum operations necessary to the asset of data. Separation of duties is very important. This is a principle that the completion of a significant task involving sensitive information requires, at least, two people (Whitman &Mattord, 2012).
Two person control is a requirement in an organization that two or more employees should review each other’s work before the task is categorized as finished.
Being an internal control, separation of duties is a very important cornerstone in the protection of information assets and the general prevention of financial loss. It is mostly used to minimize the chance that an employee will violate information security and breaches the confidentiality, integrity or availability of information. The control stipulates that the completion of very significant work involving sensitive information requires at least two individuals. The idea behind this separation of duties is that, if only one individual has the authorization to access particular set of information, there may be nothing the organization can do to prevent the individual from copying the information and removing it from the premises. Separation of duties is a very important control thus it is commonly implemented when the financial information has to be protected. Take the example that two people are required to issue a cashier’s check at a bank. The first individual is authorized to prepare the check, acquire the numbered financial document and ready the check for signature. Then, it requires the second person to sign the check and only then the check can be issued. If one person had the authority to do both tasks then it could be very easy for him to prepare checks in his name and steal large sums of money from the bank (Whitman & Mattord, 2012).
A two person control is almost similar to the above. As described above, it is a situation in which two persons review and approve each other’s work. However, the concept is distinct from separation of duties. In separation of duties, this deals with two individuals in a sequence while in two person’s control, each person completely finishes the work and then submits it to the other core worker. Each coworker then examines the work performed, double checking making sure that there no errors or inconsistencies that exists (Whitman & Mattord, 2012).
The concept of least privilege requires that employees should have access to the minimum amount of information necessary to perform their duties and only as long as it is needed. This means that there is no ...