Least Privilege across People, Process, and Technology: Endpoint Security Framework

Authors

Miloslava Plachkinova, Kennesaw State University
Kenneth Knapp, Anderson University South Carolina

Department

Information Systems and Security

Document Type

Article

Publication Date

1-1-2023

Abstract

A common target of cyberattacks today is the vulnerable endpoint device, which can be exploited by hackers to gain access into an organization. This paper presents a theoretical framework for addressing endpoint security by leveraging the principle of least privilege across the overlapping domains of people, process, and technology in organizations. The framework emphasizes nine key elements to endpoint security with associated policy statements designed to promote an organizational culture favorable to least privilege thinking. Leveraging an action design research methodology, we integrated the proposed managerial tool in an organization and incorporated feedback from industry professionals to evaluate it and to generate ideas for the development of a commercial endpoint security application. As a contribution, this framework is one of the first scholarly efforts to apply the principle of least privilege to endpoint security which can be valuable to cybersecurity consultants and academics.

Journal Title

Journal of Computer Information Systems

Journal ISSN

08874417

Volume

63

Issue

5

First Page

1153

Last Page

1165

Digital Object Identifier (DOI)

10.1080/08874417.2022.2128937