Applying Comprehensive Least Privilege: A Framework for Endpoint Security

Kenneth Knapp, University of Tampa


A common target of cyberattacks today is the endpoint device. Through a combination of social engineering and technical means, hackers can exploit vulnerable endpoints as an entryway into an organization. This paper presents an endpoint security framework built on the comprehensive application of the principle of least privilege. The framework is applied to endpoint devices across the overlapping domains of people, processes and technology in organizations. It emphasizes nine key elements of endpoint security, each with an associated policy statement, to promote an organizational culture favorable to least privilege thinking. As a contribution, this framework is one of the first scholarly efforts to apply the principle of least privilege to endpoint security.