This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Implementing Least Privilege at your Enterprise Enterprise security involves people, process and technology. The principle of least privilege can and should be applied to all of those areas An expansion of the topic of 'least privilege ' has some importance because, those responsible for information security, have had some past difficulty explaining it or gaining acceptance for this important principle. It is often referenced and occasionally supported with a brief definition, but rarely is the principle supported with any significant examples or rationale. It is a p... Copyright SANS Institut