Preview - Preventing Good People From Doing Bad Things: Implementing Least Privilege


Posted on by Ben Rothke

Implementing least privilege is an important concept within information security, yet hard to do correctly. Least privilege is implemented as part of access control, where access is often controlled by an access control list (ACL), which is a table that tells the operating system which access rights each user has to a particular system object.

In Preventing Good People From Doing Bad Things: Implementing Least Privilege, authors John Mutch and Brian Anderson write that most organizations fail to take into account the weakest link in their implementation: human nature.

In its 11 chapters, the book is segmented into three separate categories for auditors, management and IT staff. 

At a quick glance, the book looks to be an interesting read about an information security topic that, while vital, is often given scant attention.

Also good news is that it seems to make absolutely no mention of the Bell–LaPadula (BLP) model. It seems as if every book on access control feels the need to write about BLP, notwithstanding the fact that it has never been used in any commercial or enterprise system.

Full review to follow.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad
