LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is the need-to-know principle?

Give each person access only to the information they actually require to do their job — nothing more.

Need-to-know (information) + least privilege (permissions): grant only what the role needs, deny the rest.

* Need-to-know and least privilege shrink the blast radius. *

Need-to-know limits the blast radius of any single compromised account or insider. If an employee can only reach the data their role demands, then a stolen credential or a rogue insider exposes only that slice — not the whole organization.

It's closely related to the principle of least privilege (minimal permissions), with need-to-know focusing specifically on information access. Both shrink the attack surface and contain damage.

Tip: Ask "does this person need this to do their job?" If not, revoke it. Over-broad access is one of the most common findings in security audits.

Go deeper:

From Quiz: INTROL / Strategy & Tactics in Cyber Security | Updated: Jul 05, 2026