Why the “Principle of Least Privilege” works and something for free…

The Principle of Least Privilege (PoLP) is a fundamental concept in cybersecurity. It ensures that users are granted only the minimum necessary access rights required to perform their job functions.

This principle is one I always enforce in cyber security as it is a powerful way of defending the most sensitive data an organisation holds. It is a great defence against the insider threat. Although it is not a perfect defence, as a highly trusted memebr of your team who chooses to abuse your trust, will have access to that sensitive information.

Why I am writing about PoLP? Well it seems a number of members of staff at a clinic used by the Royal Family have been caught trying to access confidential and personal information about the health of the Princess of Wales. IT IS NO ONE’S BUSINESS EXCEPT HERS, HER FAMILY AND THE HEALTHCARE WORKS INVOLVED IN THE CASE.

Kate hospital says any privacy breach would be investigated – BBC News

Kate hospital privacy breach claims being ‘assessed’ by watchdog – BBC News

The case has been reported to ICO.

Your Takeaway

PoLP is the starting point for defending your information. If a trusted person is going to abuse that trust then monitoring and accountability is needed.

So why not attend our free webinar where John O’Mahony will present a webinar on our Security Operations Centre (SOC) and cyber security stack for Octagon Technology and Smart Thinking. John is a Senior Cybersecurity Solutions Specialist with Kaseya and specialises in how corporate level cyber security tools can be leveraged for smaller organisations. The SOC provides our cyber security clients with 24/7 continuous monitoring of their IT assets and users and give you the kind of accountability that will deter the insider threat – at a price even a one-person operation can afford.

Leveraging Corporate Level Cyber Security Webinar – Register Here

I look forward to seeing you there.

Clive Catton MSc (Cyber Security) – by-line and other articles

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Your Takeaway

Further Reading