Preview - Preventing Good People From Doing Bad Things: Implementing Least Privilege

Implementing least privilege is an important concept within information security, yet hard to do correctly. Least privilege is implemented as part of access control, where access is often controlled by an access control list (ACL), which is a table that tells the O/S which access rights each user has to a particular system object. 

In Preventing Good People From Doing Bad Things: Implementing Least Privilegeauthors John Mutch and Brian Anderson write that most organizations fail to take into account the weakest link in their implementation - human nature

In its 11 chapters, the book is segmented into three separate categories for auditors, management and IT staff. 

A quick glance of the book and it looks to be an interesting read about an information security topic that while vital, is often given scant attention. 

Also good news is that it seems to make absolutely no mention of the Bell–LaPadula (BLP) model.  It seems as it every book on access control feels the need to write about BLP, notwithstanding the fact that it has never been used in any commercial or enterprise system.

Full review to follow.

← View more Blogs

This document was retrieved from http://www.rsaconference.com/blogs/246/rothke/preview-preventing-good-people-from-doing-bad-things-implementing-least-privilege on Tue, 30 Sep 2014 05:47:48 -0400.
© 2014 EMC Corporation. All rights reserved.