Need-to-know principle

from Wikipedia, the free encyclopedia

The need-to-know principle (knowledge only when necessary) describes a security goal for secret information. Even if a person generally has access to data or information at this security level, the need-to-know principle prohibits access if the information is not directly required by this person for the performance of a specific task. The principle is, among other things, one of the basic concepts for the internal functioning of secret services.

In information technology, the need-to-know principle is used in the discretionary access control model. The mandatory access control model, on the other hand, also uses general group releases for access control.
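
The rule from the first paragraph, as an added example that is not part of the original article: access requires both a sufficient clearance and an active task that needs the document. The `Level` ladder, the task names and the sample people are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    # Constructed classification ladder, for illustration only.
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2


@dataclass(frozen=True)
class Document:
    name: str
    level: Level
    tasks: frozenset  # tasks whose performance requires this document


@dataclass
class Person:
    name: str
    clearance: Level
    active_tasks: set = field(default_factory=set)


def check_access(person: Person, doc: Document) -> tuple[bool, str]:
    """Return (allowed, reason). Both gates must pass; need-to-know is
    evaluated even when the clearance is sufficient."""
    if person.clearance < doc.level:
        return False, "insufficient clearance"
    needed_for = person.active_tasks & doc.tasks
    if not needed_for:
        return False, "no need to know"
    return True, "required for task: " + ", ".join(sorted(needed_for))


# Constructed sample data.
REPORT = Document("source-report", Level.SECRET, frozenset({"case-17"}))
ALICE = Person("alice", Level.SECRET, {"case-17"})
BOB = Person("bob", Level.SECRET, {"case-42"})            # cleared, different task
CAROL = Person("carol", Level.CONFIDENTIAL, {"case-17"})  # on task, not cleared

if __name__ == "__main__":
    for p in (ALICE, BOB, CAROL):
        print(p.name, check_access(p, REPORT))
    ALICE.active_tasks.discard("case-17")  # task ends, access ends with it
    print("alice after task ends", check_access(ALICE, REPORT))
```

Bob holds the same clearance as Alice but is denied because none of his active tasks requires the document; once Alice's task is removed she is denied for the same reason.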
