๐ผ b. access to, and configuration of, information assets is restricted to the minimum required to achieve business objectives. This is typically referred to as the principle of โleast privilegeโ and aims to reduce the number of attack vectors that can be used to compromise information security;
- Contextual name: ๐ผ b. access to, and configuration of, information assets is restricted to the minimum required to achieve business objectives. This is typically referred to as the principle of โleast privilegeโ and aims to reduce the number of attack vectors that can be used to compromise information security;
- ID:
/frameworks/apra-cpg-234/a/1/b - Located in: ๐ผ 1 APRA envisages that an APRA-regulated entity would adopt a set of high-level information security principles in order to establish a sound foundation for the entityโs information security policy framework. Common information security principles include:
Descriptionโ
Empty...
Similarโ
- Internal
- ID:
dec-c-963930b2
- ID:
Sub Sectionsโ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (3)โ
| Policy | Logic Count | Flags |
|---|---|---|
| ๐ AWS EC2 Instance IAM role is not attached ๐ข | 1 | ๐ข x6 |
| ๐ AWS IAM User has inline or directly attached policies ๐ข | 1 | ๐ x1, ๐ข x5 |
| ๐ Azure Key Vault Role Based Access Control is not enabled ๐ข | 1 | ๐ข x6 |
Internal Rulesโ
| Rule | Policies | Flags |
|---|---|---|
| โ๏ธ dec-x-6c93750d | 1 | |
| โ๏ธ dec-x-4157c58a | 1 | |
| โ๏ธ dec-x-c8041456 | 1 |