| < Day Day Up > |
|
There are three trust models described here:
Trust everyone all of the time. It is the easiest trust policy model to follow, but not practical and definitely not sensible. Some businesses stopped following this model after they discovered their trusted employees had looted the company's bank accounts.
Trust no one at any time. This is the most restrictive policy and also one that is not practical. Some organizations attempt to function on this model, but do not function very well.
Trust some people some of the time. This model emphasizes caution in providing access to critical assets on an as-needed basis and only in sufficient amounts permitting employees to do their jobs. Controls are instituted ensuring trust is not violated. Usually the most-favored model is one that requires a bare minimum of privilege and as trust is gradually built, privilege escalates.
| < Day Day Up > |
|