CDPSE · Question #181
Which of the following principles is MOST important to apply when granting access to an enterprise resource planning (ERP) system that contains a significant amount of personal data?
The correct answer is B. Least privilege. Least privilege means users are granted only the minimum level of access required to perform their job functions-nothing more. It is the most fundamental principle governing access control to systems containing personal data because it directly limits who can access what, reducin
Question
Which of the following principles is MOST important to apply when granting access to an enterprise resource planning (ERP) system that contains a significant amount of personal data?
Options
- ARead-only access
- BLeast privilege
- CSegregation of duties
- DData minimization
How the community answered
(30 responses)- A3% (1)
- B87% (26)
- C3% (1)
- D7% (2)
Explanation
Least privilege means users are granted only the minimum level of access required to perform their job functions-nothing more. It is the most fundamental principle governing access control to systems containing personal data because it directly limits who can access what, reducing the risk of unauthorized exposure, misuse, or breach. While read-only access is one expression of least privilege, it is not universally applicable. Segregation of duties and data minimization are complementary controls, but they operate at different layers-least privilege is the overarching principle that governs how access is provisioned in the first place.
Topics
Community Discussion
No community discussion yet for this question.