Definition: Least Privileges is an information security philosophy that bases access on what can be called a “need to know”. In other words, users should be granted access only to the information resources that they “need to know” to accomplish their primary job task. Other network resources that an employee does not need to access are made unavailable. Breaches caused by insiders are among the largest categories of information security breaches. Ensuring that people have access only to the information they require to do their jobs can limit security breaches. Employees must function within a culture of information security.
Policies and practices related to least privileges are usually found in an organization's information security plan.
Its Relevance: An information security plan should be adopted by all infrastructure owners. Protecting information assets must be thought of in terms of external as well as internal threats. Infrastructure owners must give careful thought to who needs access to which assets in order to perform their basic tasks. Unfettered access by network users to information they do not need raises the risk level.