How should an IT manager adjust the access rights of employees after a promotion according to the principle of least privilege?

• A. Revoke all existing permissions
• B. Assign permissions related to their new roles and revoke old accesses
• C. Increase permissions for all team members
• D. Keep all existing permissions unchanged

Answer: (B)

The principle of least privilege dictates that individuals should only have the minimum level of access necessary to perform their job functions. When employees are promoted, their new roles may entail different responsibilities that require different access rights compared to their previous positions.

Assigning permissions related to their new roles while simultaneously revoking old accesses ensures that the employees receive the necessary permissions to effectively perform their new tasks without being burdened by outdated or irrelevant access. This approach minimizes security risks by reducing the number of permissions that could be exploited and helps maintain a controlled access environment that aligns with the employee's current job function.

Reassessing access rights following a promotion is crucial to safeguarding the organization's data and systems, as it not only updates the permissions in line with their new responsibilities but also mitigates the risks of potential misuse of outdated permissions that may no longer be appropriate for their new role. Adopting this method reinforces the organization’s commitment to security through effective access management.