A project manager is overseeing the development of a new financial application that will handle sensitive customer data, including Personally Identifiable Information (PII). To maintain data security and compliance, what is the MOST appropriate strategy for granting team members access to this data?
Grant access based on the principle of least privilege, ensuring team members can only view or modify data essential to their specific roles.
Encrypt all sensitive data, allowing any team member with the master decryption key to access it as needed.
Restrict data access to senior developers and the project manager only, requiring all others to request information through them.
Provide all team members with full access to the data to promote transparency and prevent workflow delays.
The correct strategy is to grant access based on the principle of least privilege (PoLP). This security concept dictates that users should have only the minimum level of access, or permissions, needed to perform their job functions. Providing universal access increases risk, relying solely on encryption ignores access control, and restricting access to only senior roles may impede project progress for those who legitimately need access.