A CDE Definition
A basic principle in information security that holds that entities (people, processes, devices) should be assigned the fewest privileges consistent with their assigned duties and functions. For example, the restrictive "need-to-know" approach defines zero access by default and then opens security as required. All data in a corporate network would be off-limits except to specific people or groups (see role-based access control).
In contrast, a less-restrictive strategy opens up all systems and closes access as required; for example, allowing employees access to all systems except human resources and accounting, which would be limited to only employees in those departments.
role-based access control
The identification, authentication and authorization of individuals based on their job titles within an organization. Contrast with mandatory access control and discretionary access control. See least privilege.
Before/After Your Search Term
Terms By Topic
Click any of the following categories for a list of fundamental terms.