You have been hired by a startup as their first IT Security team member. To your surprise they have no security or compliance policies documented. The first policy you aim to create would ensure that access to company systems and data is based on an individual's job function. What option best describes this policy?
Job Role Permissions Modeling (JRPM)
Answer Description
Least privilege, or the Principle of Least Privilege, is a concept in IT security that determines user access to resources based on what is required by their job role or function. For example, an HR employee would have access to HR systems and things like salary data, but not to an unrelated system or dataset such as a logistics and warehousing system. Least privilege limits the blast radius of bad actors and social engineering because users have the least amount of access possible.
Wikipedia
In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.
Principle_of_least_privilege - Wikipedia, the free encyclopedia