Vincent AndinoNov 5, 2022
 

In the 4th post on Least Privilege, I go into more detail on best practice & technologies for implementation of Least Privilege. As always, curious to know your reactions, opinions & insights.

https://cirriustech.co.uk/blog/secbytes-least-privilege-pt4/

#SecurityBytes #informationsecurity #leastprivilege

Security Bytes: What is Least Privilege and why you should care about it - Lets fix this

Welcome to the latest of my Security Bytes posts, where I dig into areas of interest in Infosec/CyberSec, and offer my opinion. In my last post, I talked about the many challenges of implementing Least Privilege. You may have been forgiven for thinking this is all just too hard to do right from day one, or to rectify from your current situation. In this post, I’ll share my opinions on the best approaches that organisations could take to improve their privileged access management position and security posture.

CirriusTech | Serious About Tech
Nov 5, 2022 at 2:49pmWeb
Show threadGoblinLucyNov 5, 2022
@cirriustech Awesome post! It might be worth adding some "think like an attacker" methodologies too. Easiest way to get started is deploying the likes of blood hound or other graph based tools to identify how numerous points of minor weakness can lead to major compromise.
Show threadColonel Panic πŸŒ»πŸ‡ΊπŸ‡¦ Nov 7, 2022
@cirriustech Great stuff here. I remember once I was asked by a student what I would say if I had to boil infosec down to one idea, and I responded that it was Least Privilege. It's easy to forget amid all the things we're swamped by that this should in many respects be our North Star, and that asking the question "is this following LP" can sometimes help clarify what the right decision is on something. Obviously it's often wayyyy more complicated than that but it's still a good thing to fall back on.
Show threadLesDec 4, 2022
@cirriustech I bookmarked it. This is what I was looking for. I will study this one and the previous ones. Thanks 😊