Litcius/Paper detail

Least Privilege across People, Process, and Technology: Endpoint Security Framework

Miloslava Plachkinova, Kenneth J. Knapp

2022Journal of Computer Information Systems14 citationsDOI

Abstract

A common target of cyberattacks today is the vulnerable endpoint device, which can be exploited by hackers to gain access into an organization. This paper presents a theoretical framework for addressing endpoint security by leveraging the principle of least privilege across the overlapping domains of people, process, and technology in organizations. The framework emphasizes nine key elements to endpoint security with associated policy statements designed to promote an organizational culture favorable to least privilege thinking. Leveraging an action design research methodology, we integrated the proposed managerial tool in an organization and incorporated feedback from industry professionals to evaluate it and to generate ideas for the development of a commercial endpoint security application. As a contribution, this framework is one of the first scholarly efforts to apply the principle of least privilege to endpoint security which can be valuable to cybersecurity consultants and academics.

Topics & Concepts

Privilege (computing)HackerProcess (computing)Key (lock)Action (physics)Computer scienceComputer securityInformation securityProcess managementBusinessOperating systemPhysicsQuantum mechanicsInformation and Cyber SecurityNetwork Security and Intrusion DetectionCybersecurity and Cyber Warfare Studies
Least Privilege across People, Process, and Technology: Endpoint Security Framework | Litcius