Facultad de Ingeniería de Sistemas de Información
Maestría de Seguridad de Sistemas de Información
Unfortunately on the institutions exists
several problematic that are related
with the identity and the stole of
information.
How for example in the institutions
they have employees who have been
working for years and have gone
through several departments and jobs
without having their access to each
one of them revoked, becoming an
easy goal of credential theft, there
have even been employees who leave
institution and still they have access to
the platform.
A study published by Prensa Libre the
day 7 of September of year 2017
reveals what 80% of the cases of
cybercrime they come of the own
personal of the company and of is
percentage the 36% have with stole of
information, which on is subtracted
through memories USB.
90% percent of the attacks that are
made to companies the objective of it
is the capture of credential, in this way
the cybercriminal can get access and
perform to different actions.
Carlos Guillermo Palacios Obregón
1293-12-4170
The reasons why the principle of least
possible privilege works is why is
should decide the privilege of access
really need a person for make work, of
such way that any failure, vulnerability
or accident have an impact minimum.
We must think always in the security,
because most people we resist to want
use accounts or equipment what not
arrange of the privilege of
administrator and have access all the
system configuration.
This implies that we as users can be
installing or uninstall programs, have
access without restriction any all the
websites and make changes of
configuration operating systems.
At the time of not limiting the users with
the minimum privilege would have we
infections of malware, data filtering,
corruption of archives, identity fraud,
this could compromise the information
of company.
We must have an administrator user,
this user has access complete the
equipment and can do the change
Facultad de Ingeniería de Sistemas de Información Carlos Guillermo Palacios Obregón
Maestría de Seguridad de Sistemas de Información 1293-12-4170

what whish, how by example: we can in the good development of user

perform homeworkers for the
management of operating system,
software installation and net
configuration, on the other part we
should also have a user with standard
privilege for perform we our everyday
chores, how to manage our mail,
navigate on allowed sites, etc., with its
we would minimize the risk of filtration
of data, espionage, corruption of
records, malware and of else.
activities, to combat this problem at the
root and establish a strategy what
increase the levels of security, defining
roles for each user.
For this reason our work must be
carried out under the principle of the
lowest possible privilege.

Most of malware what exist in the

actuality use the account of users
authenticated in the equipment for
perform any action that is allowed.

Grant the permissions adequate to

each user of a system, it's very
important for the availability how is for
confidentiality and integrity.

That’s why the policies not alone must

of take care of the assignment also of
the revocation of the same how for
example when on vacation, leave the
company or change departments.

Is very important for the company have

security politics that come to contribute