Least privilege - get what you need, not what you want
I like trains. I would quite like to drive the train, but that is not on the cards as I have no training, so I sit/stand with everyone else in the passenger area - I am assuming someone is driving and it is not being done by an artificial robot train driver... yet... My firm belief is as security people we are starting to forget the basic principles of security that help protect something important, us and the information we use. And, we forget to explain, sell, story tell them to people - we just say "well you must ensure you have least privilege", and people think "what is he/she on about...?". One of my favourite principles is "least privilege" - so giving people access to only what they need access. This certainly seems like a very strong way to protect what is important. If people only have access to what they need and they become compromised, the bad actor (they aren't acting) can only access what you have access to. "The pr...