Principle of least privilege (PoLP) 🟢 Protection

The Principle of Least Privilege (PoLP) is a fundamental concept in cyber security: users, systems and applications are granted only the minimum access rights necessary to perform their legitimate tasks. Each entity holds the privileges that are strictly essential to its operation, and nothing more. The security benefit is containment: when an account or process is compromised, the attacker inherits only the rights it was granted, so the damage is bounded by that minimum rather than by everything the host or the organisation could do.

Example with users: in a company, an employee in the accounts department does not need access to human resources files, just as a trainee does not need the same authorisations as a manager. The same applies in IT: each account, each application and each process should have only the strict minimum of rights needed to function.

Example with systems: on a Linux system, a web server does not need root (administrator) rights, only specific permissions: read access to its configuration and the files it serves, and the ability to listen on a network port. The one privileged step is binding a port below 1024 such as 80 or 443, and that needs only the CAP_NET_BIND_SERVICE capability (or a start-as-root-then-drop-privileges sequence at startup), not a server that keeps running as root. If a worker running as an unprivileged user is compromised, the attacker cannot read other users' files, install software or modify the system; the drop must be complete, though: a process whose saved user ID or permitted capabilities are still root's can simply take root back.
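The check a practitioner wants after applying this to a service is "does it really run with the minimum?". The script below is an added example, not code from the original page: it reads the Uid and capability lines of a Linux process's /proc/<pid>/status and reports three kinds of violation: running as root, an incomplete drop (effective uid is not 0 but the real or saved uid still is, so the process can regain root), and effective or permitted capabilities beyond an allowed set, which for a web server on ports 80/443 is just CAP_NET_BIND_SERVICE. The three status excerpts are constructed for the example; the capability bit numbers are those of linux/capability.h.

```python
"""Audit a Linux service's effective privileges from /proc/<pid>/status.

Added example, not code from the original page: it checks whether a process
such as a web server really runs with the minimum it needs, i.e. as an
unprivileged user, unable to regain root, and holding no capability beyond
CAP_NET_BIND_SERVICE (only needed to bind a port below 1024).
"""

# Capability bit numbers as defined in linux/capability.h.
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH", 3: "CAP_FOWNER",
    4: "CAP_FSETID", 5: "CAP_KILL", 6: "CAP_SETGID", 7: "CAP_SETUID", 8: "CAP_SETPCAP",
    9: "CAP_LINUX_IMMUTABLE", 10: "CAP_NET_BIND_SERVICE", 11: "CAP_NET_BROADCAST",
    12: "CAP_NET_ADMIN", 13: "CAP_NET_RAW", 14: "CAP_IPC_LOCK", 15: "CAP_IPC_OWNER",
    16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO", 18: "CAP_SYS_CHROOT", 19: "CAP_SYS_PTRACE",
    20: "CAP_SYS_PACCT", 21: "CAP_SYS_ADMIN", 22: "CAP_SYS_BOOT", 23: "CAP_SYS_NICE",
    24: "CAP_SYS_RESOURCE", 25: "CAP_SYS_TIME", 26: "CAP_SYS_TTY_CONFIG", 27: "CAP_MKNOD",
    28: "CAP_LEASE", 29: "CAP_AUDIT_WRITE", 30: "CAP_AUDIT_CONTROL", 31: "CAP_SETFCAP",
    32: "CAP_MAC_OVERRIDE", 33: "CAP_MAC_ADMIN", 34: "CAP_SYSLOG", 35: "CAP_WAKE_ALARM",
    36: "CAP_BLOCK_SUSPEND", 37: "CAP_AUDIT_READ", 38: "CAP_PERFMON", 39: "CAP_BPF",
    40: "CAP_CHECKPOINT_RESTORE",
}

# Capabilities a web server that binds :80/:443 may legitimately hold.
ALLOWED_CAPS = frozenset({"CAP_NET_BIND_SERVICE"})


def parse_status(text):
    """Parse the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def decode_caps(mask_hex):
    """Turn a capability bitmask (hex, as printed in /proc) into a set of names."""
    mask = int(mask_hex, 16)
    return {CAP_NAMES.get(bit, f"CAP_{bit}")
            for bit in range(mask.bit_length()) if (mask >> bit) & 1}


def audit(status_text, allowed=ALLOWED_CAPS):
    """Return a list of least-privilege violations; an empty list means clean."""
    fields = parse_status(status_text)
    findings = []
    # Uid line: real, effective, saved, filesystem. A non-zero effective uid
    # with a saved uid of 0 is an incomplete drop: seteuid(0) gets root back.
    uids = [int(x) for x in fields["Uid"].split()]
    if uids[1] == 0:
        findings.append("runs as root (effective uid 0)")
    elif 0 in uids:
        findings.append("can regain root: real, saved or fs uid is 0")
    # CapEff is what the process can use now; CapPrm is what it can re-enable.
    for key in ("CapEff", "CapPrm"):
        extra = decode_caps(fields.get(key, "0")) - allowed
        if extra:
            findings.append(f"{key} exceeds allowed set: " + ", ".join(sorted(extra)))
    return findings


# Constructed /proc/<pid>/status excerpts (not captured from a real host).
HARDENED_STATUS = """\
Name:\tnginx
Uid:\t33\t33\t33\t33
Gid:\t33\t33\t33\t33
CapPrm:\t0000000000000400
CapEff:\t0000000000000400
CapBnd:\t0000000000000400
"""

ROOT_STATUS = """\
Name:\tnginx
Uid:\t0\t0\t0\t0
Gid:\t0\t0\t0\t0
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
"""

# Root called seteuid(33) only: effective caps are cleared, but the saved uid
# and the permitted caps remain, so the process can undo the drop at will.
PARTIAL_DROP_STATUS = """\
Name:\tnginx
Uid:\t0\t33\t0\t33
Gid:\t0\t33\t0\t33
CapPrm:\t000001ffffffffff
CapEff:\t0000000000000000
CapBnd:\t000001ffffffffff
"""


if __name__ == "__main__":
    for label, text in (("hardened", HARDENED_STATUS), ("root", ROOT_STATUS),
                        ("partial drop", PARTIAL_DROP_STATUS)):
        print(label, "->", audit(text) or ["OK"])
```

To audit a live service, pass the contents of /proc/<pid>/status of one of its worker processes to audit(); a clean result is an empty list. The hardened excerpt passes, the root one fails on the uid and on every capability, and the partial drop shows why checking only the effective uid is not enough.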