please read below student posts reply each in 150 words.
Rajesh – Principle of Least Privilege (POLP) is one of the important concepts in Computer and Database Security. It is nothing but a practice of limiting the user’s permissions to as minimum as possible to help them finish their task. This principle is used to limit user access permissions to applications, systems, processes, files, resources. This principle is designed to protect the data and functionality from faults and also from malicious behaviors. “Least privilege is one of the highly used principles in improving data security. It is derived from the hard protection requirements needed for the information assets. Permission is easily distributed to administer the tasks allocated to different users” (Talib, 2015). For example, access to cloud users is restricted to provide more security to the secret data stored. This is due to the presence of a few numbers of malicious users in the cloud environment. The users will generally try to obtain the data that is not intended for them. So, the least privilege is helpful for the cloud service providers to protect from the intended and malicious activities of other users.
Many organizations are implementing the concept of least privilege security approach to promote the legitimate way of utilizing infrastructure capabilities. “Kearns claimed that Information security highly demands this security principle to control the employees to minimize its effect on the privacy aspects. The least privilege principle is extended by adding the logical access controls by controlling the privilege from the remote location” (Kearns, 2016). It involves the setting of authentication details in the form of a username and password to validate the user to give access. And some organizations follow the SSH keys to provide access to the required users which is more secure than using just username and password.
Information Security is a process that is designed and implemented to protect confidential, private and sensitive data from unauthorized access by using the concept of least privilege. Privilege helps in restricting access to files, databases, and applications. It highly influences the boldness and conduct of the staff by acting as a deterrent between them. “It is mainly influenced by the two major factors such as the inevitability of the permission and impact of the permission. Privilege gives less capability which is enough to do their tasks effectively” (Alhassan & Adjei-Quaye, 2017). It is applied to three things including technology, business processes, and people. Regular monitoring should be there to maximize the security of the information and Duty separation is considered to be one of the main concepts in this principle.
In business organizations, the costs of security risks are increasing every day. To avoid this problem, there is a method called Privileged Access Management. “Information systems, information assets, and users are controlled by implementing the privilege management principle. Privilege management associated with four major solutions such as governance, user management, monitoring and controlling, and access channel management” (ISACA, 2017). It needs to develop and implement an authorization policy to the privilege management to protect a business in abuse of privilege and minimizes chances to perform the cyber-attacks.
Least privilege helps a lot in identifying the vulnerabilities in a system. After multiple data breaches in 2016, “Forrester Research has conducted an extensive survey on enterprise security and revealed that 83 percent of organizations do not follow a proper IAM (Identity Access Management) approach which resulted in more than 2 times of data breaches and over $5 million in costs on average” (Jeff Edwards, 2017). Due to the improper implementation of IAM, threat actors can obtain privileged credentials and use those to access critical systems. By enforcing least privilege, we can minimize the security risks and potential disruption to the business from data breaches. “Different types of activities involved in the privilege management is the segregation of information assets, improving awareness of employees through training, distribution of tasks, identity management, and protection of passwords” (Sindiren & Ciylan, 2018). These are helpful in protecting the data by removing the potential vulnerabilities presented for the different types of information systems and applications.
nagaraju – The principle of least privilege (POLP) plays an important role in computer security. It limits the access rights for users, accounts, and computing processes that are necessary to perform the job. The principle of least privilege will provide access to data or resources to read, write, or execute the data and complete their work. It will also provide the least privileges to applications, systems, processes, and devices to perform authorized activities. The principle of least privilege will strictly limit access to critical systems which helps to reduce the risk of intentional data breaches and unintentional data leaks. The malware infections like ransomware or computer worms can also be reduced using the principle of least privilege, as it will not give access to install them.
There are different types of privilege settings available for different types of user accounts. The Superuser accounts are mainly used by IT staff members for the administration which has unlimited rights over a system. They have permission to read, write and execute the data as well as the ability to make changes in the system such as modifying settings and files, creating or installing software or files, and deleting data and users. “Under current best practices for security, access through superuser accounts should be limited to only those required to administer systems; ideally, superuser credentials should never be used to log in to an account, but rather used with the “sudo” (“superuser do”) command in Unix/Linux systems, which allows the holder of superuser credentials to issue a single command that is executed with superuser privileges. This reduces the risk of an active superuser session being hijacked” (Rouse, 2017).
The principle of least privilege reduces the risks that are caused by unauthorized or unwanted access to system privileges. The system which is compromised or mismanaged has the least privileges then the damage is less compared to the systems that do not have the principle of least privilege. If the administrative sessions provide full privileges, then the system will be vulnerable to malware as they can spread without any restrictions. So the organization should limit the high-level powers to the users and applications in order to reduce the risk of widespread corruption. “The practice of implementing the least privilege principle forces network managers to keep comprehensive data records. Complete data classification is required to understand all information held on the network and who has access to it” (Neveux, 2019).
The principle of least privilege also has some limitations. Even if the users are using the principle of least privilege, they are targeted by the spear-phishing attacks and gaining access to sensitive data and gather information about the users. To reduce these types of attacks, cybersecurity awareness training, OPSEC, and data leak detection software must be included as part of the cybersecurity strategy. “Another common issue is the lack of visibility and awareness of who actually has a privileged account, access to sensitive assets or has exposed credentials. Organizational inertia and cultural challenges can make it hard to introduce restrictive access controls too” (Tunggal, 2019). The principle of least privilege can reduce the number of attacks but it cannot remove them completely.
yaswanth – Question 1
The estimating techniques discussed in the given case are three-point, analogy, and triangular estimate techniques. In the three-point estimate, the flow of a project is defined by three sets of assumptions. The first set might be optimistic, the second one might be pessimistic, and the third one is between other two estimates. Many companies use three-point estimation for making estimated probability distribution (Juristo & Moreno, 2013). Analogy estimate is one of the most common estimates used by project managers to make improves on the present project by considering past experiences. Triangular distribution is another approach used for probability distribution which does in the form of a triangle.
For every project, there are different levels of complexity and various factors influencing the project success. Before making the selection of better estimation technique, the project manager should consider various factors such as the project size, availability and level of expertise of resources, complexity factors or risks involved, the amount of work efforts, availability of equipment/materials, and the project quality (Hussein, 2014). The project manager will make a decision on which estimation technique to use in the project based on the project scope and their understanding of the requirements. The understanding has to match exactly with client needs with respect to the project. For an instance, the project has the high complexity or at high risk, a project manager should go for the use of historical data for estimation purposes i.e. analogous estimating technique. Because it uses the historical data could help to analyze the project and meet requirements successfully.
If I was assigned as a project manager of this project, I would make the use of a combination of parametric and analogous estimation technique. Analogy estimation is mainly utilized when the project manager does not has sufficient information on the present project thus, it’s necessary to compare it with one of the previous projects which are successfully completed in previous (Kerzner, 2013). But, it is not considered to bemost accurate estimate technique because of complexity and time taking process. So, along with this technique, I would like to use parametric estimation because it helps to calculate the cost and duration effectively.
aesha – 1.How many different estimating techniques were discussed in the case?
Bottom up and Three Point estimate
Order of Magnitude
2.If each estimate is different, how does a project manager decide that one estimate is better than another?
According to the requirements, information about the project, Project manager can decide that one estimation is better than the another one. Previous project experience and estimation techniques also beneficial to decide about the better estimation. Size of the project also matter to the estimation of the project. Other team members who lead that tasks can help to the project manager about to decide which task/project related estimation is going better. There are many techniques are available to decide the timeline and estimation like analogous, parametric, order of magnitude, bottom up and three-point estimating. These techniques require specific data and statistical procedures and some mathematical.
3.If you were the project manager, which estimate would you use?
As I have elaborated in a previous answer, there are so many techniques for the estimation. Analogous estimation has very good advantages. It is based on the previous gathering and historical data means data from the previous projects. Many organizations use this technique to keep historical data for the future projects. This technique is widely accepted. This technique is based on the scope, cost, size, weight and complexity of the project.