Need-to-know principle
The need-to-know principle (knowledge only when necessary) describes a security goal for secret information. Even if a person generally has access to data or information at a given security level, the need-to-know principle prohibits access if that person does not directly require the information to perform a specific task. The principle is, among other things, one of the basic concepts underlying the internal functioning of secret services.
In information technology, the need-to-know principle is used in the discretionary access control model. The mandatory access control model, on the other hand, also uses general group releases for access control.
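The two-step decision described above, as an added example that is not part of the original article: a clearance-level check followed by a need-to-know check tied to a specific task. The level names, the `Subject` and `Document` types, the `may_read` function and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    # Constructed classification scale; a higher value is more sensitive.
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2


@dataclass(frozen=True)
class Document:
    name: str
    level: Level
    task: str  # the specific task this information is required for


@dataclass
class Subject:
    name: str
    clearance: Level
    # Tasks currently assigned to this person; empty means no need-to-know.
    tasks: set = field(default_factory=set)


def may_read(subject: Subject, doc: Document) -> tuple:
    """Return (allowed, reason). Access is denied unless both checks pass."""
    if subject.clearance < doc.level:
        return False, "clearance below classification"
    # Sufficient clearance alone is not enough: the information must be
    # required for a task the subject is actually performing.
    if doc.task not in subject.tasks:
        return False, "no need-to-know for task " + doc.task
    return True, "clearance and need-to-know satisfied"


# Constructed sample data.
report = Document("source-report", Level.SECRET, task="op-alpha")
alice = Subject("alice", Level.SECRET, {"op-alpha"})
bob = Subject("bob", Level.SECRET, {"op-beta"})  # cleared, different task
carol = Subject("carol", Level.CONFIDENTIAL, {"op-alpha"})  # task, not cleared

if __name__ == "__main__":
    for s in (alice, bob, carol):
        print(s.name, may_read(s, report))
```

Returning the reason alongside the decision lets an audit log distinguish a clearance failure from a need-to-know failure; removing a task from `Subject.tasks` revokes access without touching the clearance.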