💼 b. access to, and configuration of, information assets is restricted to the minimum required to achieve business objectives. This is typically referred to as the principle of ‘least privilege’ and aims to reduce the number of attack vectors that can be used to compromise information security;
- Contextual name: 💼 b. access to, and configuration of, information assets is restricted to the minimum required to achieve business objectives. This is typically referred to as the principle of ‘least privilege’ and aims to reduce the number of attack vectors that can be used to compromise information security;
- ID:
/frameworks/apra-cpg-234/a/1/b - Located in: 💼 1 APRA envisages that an APRA-regulated entity would adopt a set of high-level information security principles in order to establish a sound foundation for the entity’s information security policy framework. Common information security principles include:
Description
Empty...
Similar
- Internal
- ID:
dec-c-963930b2
- ID:
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (3)
| Policy | Logic Count | Flags |
|---|---|---|
| 📝 AWS EC2 Instance IAM role is not attached 🟢 | 1 | 🟢 x6 |
| 📝 AWS IAM User has inline or directly attached policies 🟢 | 1 | 🟠 x1, 🟢 x5 |
| 📝 Azure Key Vault Role Based Access Control is not enabled 🟢 | 1 | 🟢 x6 |
Internal Rules
| Rule | Policies | Flags |
|---|---|---|
| ✉️ dec-x-6c93750d | 1 | |
| ✉️ dec-x-4157c58a | 1 | |
| ✉️ dec-x-c8041456 | 1 |