試験CISSP-JP トピック4 問題294 スレッド

According to the CISSP For Dummies1, the process in which least privilege is implemented for a user account is provision. Provision is the process of creating, assigning, and configuring a user account with the necessary access rights and permissions to perform the tasks and functions that are required by the user's role and responsibilities, as well as the security policies and standards of the organization. Provision is the process in which least privilege is implemented for a user account, as it ensures that the user account has the minimum amount of access rights and permissions that are needed to complete the user's job, and nothing more.
Provision helps to reduce the risk and impact of unauthorized or unintended access, disclosure, modification, corruption, denial, or disruption of the data, information, systems, networks, or resources that are accessed or used by the user account. Approve is not the process in which least privilege is implemented for a user account, although it may be a process that precedes or follows the provision process. Approve is the process of verifying, validating, and authorizing a user account with the necessary access rights and permissions to perform the tasks and functions that are required by the user's role and responsibilities, as well as the security policies and standards of the organization. Approve is the process that ensures that the user account is legitimate, appropriate, and compliant, and that the user account is granted or denied the access rights and permissions based on the approval criteria and procedures. Request is not the process in which least privilege is implemented for a user account, although it may be a process that precedes or follows the provision process.
Request is the process of requesting, applying, or registering for a user account with the necessary access rights and permissions to perform the tasks and functions that are required by the user's role and responsibilities, as well as the security policies and standards of the organization. Request is the process that initiates or triggers the creation, assignment, or configuration of a user account, and that provides the information and justification for the user account. Review is not the process in which least privilege is implemented for a user account, although it may be a process that precedes or follows the provision process.
Review is the process of monitoring, auditing, and evaluating a user account with the necessary access rights and permissions to perform the tasks and functions that are required by the user's role and responsibilities, as well as the security policies and standards of the organization. Review is the process that ensures that the user account is effective, efficient, and secure, and that the user account is updated, modified, or deleted based on the review criteria and procedures.