Difference between revisions of "Need-To-Know"
Jump to navigation
Jump to search
(Created page with "== National Definitions== ====United States==== ===== NIST===== {{definition|Need-to=know (NTK) is a method of isolating information resources based on a user’s need...") |
(→NIST) |
||
Line 2: | Line 2: | ||
====[[United States]]==== | ====[[United States]]==== | ||
===== [[NIST]]===== | ===== [[NIST]]===== | ||
− | {{definition|Need-to | + | {{definition|Need-to-know (NTK) is a method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. <ref name="NISTIR7298">[http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013]</ref>}} |
− | more. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013]</ref>}} | ||
The terms ‘need-to know” and “least privilege” express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.<br /> | The terms ‘need-to know” and “least privilege” express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.<br /> | ||
Revision as of 22:41, 9 May 2016
Contents
National Definitions
United States
NIST
Need-to-know (NTK) is a method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. [1]
The terms ‘need-to know” and “least privilege” express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.