Describe these security terms: Principle of least privilege, risk scoring/risk weighting, risk reduction, risk assessment.Understanding Cisco Cybersecurity Fundamentals (210-250)
Principle of Least Privilege
The principle of least privilege states that a user should only be granted the least amount of rights to do their job. By limiting the rights of users, the amount of access and thus the potential risk that they pose is limited. If a user is compromised, the attacker will be limited to their allowed access, unless they are able to do a privilege exploitation attack.
Risk Scoring/Risk Weighting
To help determine what vulnerabilities are more important to mitigate than others, risk scoring/weighting is performed. This process assigns a value to each asset and assesses the probability of each threat occurring. More on risk can be found in my CySA+ Study Notes.
Risk reduction, or mitigation is implemented by compensating controls. Controls can include policies, procedures, software and hardware.
Risk assessment can be quantitative (dollar amounts assigned) or qualitative (more subjective).