Least Privilege Principle
Domain 5 — Protection of Information Assets
Definition
The principle of least privilege mandates that users, systems, and processes be granted only the minimum access rights necessary to perform their legitimate functions. It limits the potential damage from errors, intentional misuse, or compromised accounts. IS auditors test least privilege by reviewing user access matrices, role definitions, and privilege escalation paths — particularly for service accounts, admin users, and terminated employees whose access was not revoked.
Real-World Audit Scenario
I audited a financial services firm where every developer had production database admin access. When I raised it, the CTO argued "they need it for debugging." I ran a database audit log and found that a junior developer had accidentally run a DELETE query without a WHERE clause on a customer transactions table — because they connected to production instead of the test environment. Luckily they had a recent backup, but the root cause was clear: the developer should have had read-only production access and used a separate staging environment for testing. We implemented a role-based access model with quarterly certification reviews.
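As an added example (not part of the original study note), the following Python script performs the kind of access-matrix review described in the definition above and in the scenario: it checks a constructed entitlement export against role definitions and an HR termination list, flagging developers with write or admin rights on production, accounts that outlived their owner, and service accounts holding ADMIN. All user, role and resource names are made up for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entitlement:
    user: str
    role: str
    resource: str
    privileges: frozenset

# Role definitions: the maximum privilege each role may hold on each resource.
# Constructed for this example; a real review would export them from the RBAC model.
ROLE_POLICY = {
    "developer":  {"prod_db": {"SELECT"},
                   "staging_db": {"SELECT", "INSERT", "UPDATE", "DELETE"}},
    "dba":        {"prod_db": {"SELECT", "INSERT", "UPDATE", "DELETE", "ADMIN"}},
    "svc_report": {"prod_db": {"SELECT"}},
}

# Constructed access-matrix export and HR termination list (hypothetical names).
SAMPLE_ENTITLEMENTS = [
    Entitlement("alice", "developer", "prod_db",
                frozenset({"SELECT", "INSERT", "UPDATE", "DELETE", "ADMIN"})),
    Entitlement("bob", "developer", "prod_db", frozenset({"SELECT"})),
    Entitlement("bob", "developer", "staging_db",
                frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})),
    Entitlement("carol", "dba", "prod_db",
                frozenset({"SELECT", "INSERT", "UPDATE", "DELETE", "ADMIN"})),
    Entitlement("dave", "developer", "prod_db", frozenset({"SELECT"})),
    Entitlement("svc_report", "svc_report", "prod_db", frozenset({"SELECT", "ADMIN"})),
]
TERMINATED_USERS = {"dave"}


def review_access(entitlements, role_policy, terminated_users):
    """Return (user, resource, issue) tuples, one per least-privilege exception."""
    findings = []
    for e in entitlements:
        if e.user in terminated_users:
            findings.append((e.user, e.resource, "access not revoked after termination"))
            continue  # nothing else matters once the account should no longer exist
        allowed = role_policy.get(e.role, {}).get(e.resource)
        if allowed is None:
            findings.append((e.user, e.resource, f"role '{e.role}' not approved for resource"))
            continue
        excess = e.privileges - allowed  # rights beyond what the role definition permits
        if excess:
            findings.append((e.user, e.resource, "excess privileges: " + ", ".join(sorted(excess))))
        if e.user.startswith("svc_") and "ADMIN" in e.privileges:
            findings.append((e.user, e.resource, "service account holds ADMIN"))
    return findings
```

Calling review_access(SAMPLE_ENTITLEMENTS, ROLE_POLICY, TERMINATED_USERS) on the constructed data returns four findings: alice's excess production rights, dave's unrevoked access, and two for the reporting service account. The clean rows (bob and carol) produce nothing, which is the evidence an auditor records for the certification review.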
Common Exam Trap
The exam often pairs least privilege with a "break glass" emergency access procedure. The correct answer balances security with operational need — don't pick "deny all access" for admin accounts because some users genuinely need elevated rights for approved tasks.