Lynne is processing access control requests for her organisation. She comes across a request where the user does have the required security clearance, but there is no business justification for the access. Lynne denies this request. What security principle is she following?
Graham is investigating a potential privacy violation within her organisation. The organisation notified users that it was collecting data for product research that would last for six months and then disposed of the data at the end of that period. During the time that they had the data, they also used it to target a marketing campaign.
Which principle of data privacy was most directly violated?
Will is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Will trying to enforce?