This is one of the 52 terms in The Language of Cybersecurity published by XML Press in 2018 and the contributor for this term is Emma Lilliestam.

What is it?

The range of actions an authenticated user or device is allowed to take in a system.

Why is it important?

A good society works like this: we expect promises to be kept, contracts to be honored, and a lost wallet to be returned. However, when applied to your IT infrastructure, such a mindset leaves your system wide open to an insider or an unhappy former employee. Privilege management gives you detailed control over the permissions given to each user and device.

Why does a business professional need to know this?

Giving your house key to a neighbor so they can water your plants does not mean you want to allow them to look through your closets or bedroom drawers. However, most of us do not have the technical means to restrict access in this way; we either give access to the entire house, or we don’t give access at all. Giving your key to a neighbor relies on implicit trust. You trust that your neighbor will not try on your underwear or eat all your cookies.

To put it mildly, this is not an ideal trust model for your IT infrastructure; you need a model that relies on least privilege, which gives each user only the privileges needed to perform their job duties and nothing more.

In many organizations, the highest possible access rights are given to system administrators. Companies that blindly trust system administrators open themselves to unnecessary risk. It is safer to have fine-grained control over privileges and give each administrator only the privileges needed to carry out their assigned tasks. For example, an administrator responsible for the payroll database probably doesn’t need access to the customer database.

To do this you need to implement an access-level classification scheme and have procedures that support your daily operations. This approach eliminates the need to give users higher levels of access than they need. This would be the equivalent of putting a password on your underwear drawer, making it inaccessible to your neighbor who has only the front door key.