A newly hired developer is found to have read access to customer PII databases that he does not need for his role. The security team wants to reduce the impact if that account is ever misused by a disgruntled or compromised insider. Which practice would BEST limit the damage that could result from such an insider threat?
Conducting continuous behavior monitoring to spot and address anomalous activity
Developing comprehensive incident reporting and response plans
Implementing mandatory security awareness training sessions quarterly
Enforcing the principle of least privilege across all systems and data access
Enforcing the principle of least privilege ensures that each user account has only the minimum permissions necessary to perform its duties. By limiting unnecessary privileges, the potential attack surface and scope of damage from a malicious or careless insider are significantly reduced. Security-awareness training and behavior monitoring help detect or discourage insider misuse, and incident response plans apply after a breach; none of those measures directly restrict how much damage the account can cause in the first place.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the principle of least privilege mean?
Open an interactive chat with Bash
How do regular audits support the principle of least privilege?
Open an interactive chat with Bash
What is the difference between proactive and reactive insider threat mitigation strategies?