The principle of least privilege is a fundamental security concept requiring that users be granted only the access and permissions necessary to perform their job duties. In this scenario, providing administrator rights to most users on an externally facing system containing sensitive data is a severe violation of this principle. Administrator privileges inherently grant the ability to alter system configurations, modify or delete data, and change security settings. This creates the greatest risk of unauthorized changes, whether malicious or accidental, which directly compromises the integrity, availability, and confidentiality of the system and its data.

A. While administrators can export logs, this is a specific action. The ability to make any unauthorized change is a much broader and more significant risk.

B. Viewing sensitive data is a function of the system for both user types. The core issue highlighted is the risk from excessive privileges, not authorized access.

D. Installing software is a subset of the actions an administrator can perform. The overarching risk is the general capability to make unauthorized changes, which includes more than just software installation.

---

1. ISACA

CISA Review Manual

27th Edition. Domain 4: Information Systems Operations

Maintenance and Service Management

Section 4.4 Logical Access. The manual emphasizes that access rights should be granted based on the "need-to-know" and "need-to-do" principles

and that powerful privileges (such as administrator rights) must be strictly controlled to prevent unauthorized activities that could compromise the system.

2. National Institute of Standards and Technology (NIST) Special Publication 800-53

Revision 5. Security and Privacy Controls for Information Systems and Organizations

Control AC-6 "Least Privilege." This control states: "The organization employs the principle of least privilege

allowing only authorized accesses for users...that are necessary to accomplish assigned tasks." The discussion section notes that this prevents users from making unauthorized changes or performing functions outside their roles.

3. Saltzer

J. H.

& Schroeder

M. D. (1975). The Protection of Information in Computer Systems. Proceedings of the IEEE

63(9)

1278-1308. This foundational academic paper introduces the principle of least privilege

stating

"Every program and every user of the system should operate using the least set of privileges necessary to complete the job." The rationale is to limit the damage that can result from an accident or error. (DOI: https://doi.org/10.1109/PROC.1975.9939

Section I.A.3).