In this lab activity, I evaluated a real-world data leak scenario and applied privacy principles to determine how to better protect organizational information. I focused on identifying access control weaknesses and improving safeguards in line with cybersecurity standards.
An employee at an educational technology company unintentionally shared confidential documents with an external business partner. The files were stored in a shared folder with unrestricted access, violating least privilege principles.
My task was to review the incident and recommend access control improvements using NIST guidance as a reference.
Control | Least privilege |
---|---|
Issue(s) | Access permissions were too broad, allowing external sharing of internal marketing documents without proper oversight. |
Review | NIST SP 800-53: AC-6 recommends granting access based on roles and reviewing permissions periodically to ensure compliance with least privilege. |
Recommendation(s) | |
Justification | Implementing stricter access controls and audits helps reduce accidental exposure of confidential data. |
This exercise strengthened my understanding of how access control failures can lead to privacy risks. By applying the least privilege model and NIST recommendations, I was able to develop practical steps to improve information security.