Line 5: |
Line 5: |
| As with most [[security]] [[mechanisms]], the aim is to make it [[difficult]] for unauthorized access to occur, without inconveniencing legitimate access. Need-to-know also aims to discourage "browsing" of [[sensitive]] [[material]] by [[limiting]] access to the smallest possible [[number]] of people. | | As with most [[security]] [[mechanisms]], the aim is to make it [[difficult]] for unauthorized access to occur, without inconveniencing legitimate access. Need-to-know also aims to discourage "browsing" of [[sensitive]] [[material]] by [[limiting]] access to the smallest possible [[number]] of people. |
| | | |
− | The [http://en.wikipedia.org/wiki/Operation_Overlord Battle of Normandy] in 1944 is an example of a need-to-know restriction. Though thousands of military personnel were involved in planning the invasion, only a small [[number]] of them knew the entire scope of the operation; the rest were only informed of data needed to complete a small part of the plan. | + | The [https://en.wikipedia.org/wiki/Operation_Overlord Battle of Normandy] in 1944 is an example of a need-to-know restriction. Though thousands of military personnel were involved in planning the invasion, only a small [[number]] of them knew the entire scope of the operation; the rest were only informed of data needed to complete a small part of the plan. |
| ==Problems and criticism== | | ==Problems and criticism== |
| It has been alleged that need-to-know (like other [[security]] measures) can be misused by some personnel who wish to refuse others [[access]] to information they hold in an attempt to increase their [[personal]] [[power]], or to prevent unwelcome review of their [[work]]. | | It has been alleged that need-to-know (like other [[security]] measures) can be misused by some personnel who wish to refuse others [[access]] to information they hold in an attempt to increase their [[personal]] [[power]], or to prevent unwelcome review of their [[work]]. |
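Review bot: The changed Operation_Overlord line still hard-codes a full Wikipedia URL in external-link syntax, while the rest of the paragraph uses [[...]] internal links. Only the scheme moves from http to https here. If this wiki defines an interwiki prefix for Wikipedia, using it for this link would keep the scheme out of article text and make this kind of bulk edit unnecessary next time. The edit itself is safe: the label "Battle of Normandy" and the target path are unchanged.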
Line 11: |
Line 11: |
| The need to know principle is at odds with most [[purposes]] of [[intelligence]] and [[research]]. While one part of an [[institution]] may have [[knowledge]] of some [[data]], the rest of this institution as well as other institutions remain ignorant. Since [[experience]] shows that data shows its most valuable [[information]] only when freely [[connected], the need to know is in [[fact]] putting a limit on [[information]] that [[intelligence]] agencies can gather (even if there are no limits to the amount of data). | | The need to know principle is at odds with most [[purposes]] of [[intelligence]] and [[research]]. While one part of an [[institution]] may have [[knowledge]] of some [[data]], the rest of this institution as well as other institutions remain ignorant. Since [[experience]] shows that data shows its most valuable [[information]] only when freely [[connected], the need to know is in [[fact]] putting a limit on [[information]] that [[intelligence]] agencies can gather (even if there are no limits to the amount of data). |
| ==In computer technology== | | ==In computer technology== |
− | The discretionary [[access]] [[control]] [[mechanisms]] of some [http://en.wikipedia.org/wiki/Operating_system operating systems] can be used to enforce need to know. In this case, the owner of a file determines whether another [[person]] should have access. Need to know is often concurrently applied with mandatory access control schemes, in which the lack of an official approval (such as a clearance) may [[absolutely]] prohibit a [[person]] from accessing the [[information]]. This is because need to know can be a [[subjective]] assessment. Mandatory access control schemes can also audit accesses, in order to determine if need to know has been violated. | + | The discretionary [[access]] [[control]] [[mechanisms]] of some [https://en.wikipedia.org/wiki/Operating_system operating systems] can be used to enforce need to know. In this case, the owner of a file determines whether another [[person]] should have access. Need to know is often concurrently applied with mandatory access control schemes, in which the lack of an official approval (such as a clearance) may [[absolutely]] prohibit a [[person]] from accessing the [[information]]. This is because need to know can be a [[subjective]] assessment. Mandatory access control schemes can also audit accesses, in order to determine if need to know has been violated. |
| | | |
− | The term is also used in the [[concept]] of [http://en.wikipedia.org/wiki/Graphical_user_interface graphical user interface design] where computers are controlling [[complex]] equipment such as airplanes. In this usage, when many [[different]] pieces of data are [[dynamically]] [[competing]] for finite UI space, safety-related messages are given priority. | + | The term is also used in the [[concept]] of [https://en.wikipedia.org/wiki/Graphical_user_interface graphical user interface design] where computers are controlling [[complex]] equipment such as airplanes. In this usage, when many [[different]] pieces of data are [[dynamically]] [[competing]] for finite UI space, safety-related messages are given priority. |
| ==See also== | | ==See also== |
− | *[http://trinitize.blogspot.com/2007/03/revelation-evolution.html Revelation & Evolution] | + | *[https://trinitize.blogspot.com/2007/03/revelation-evolution.html Revelation & Evolution] |
− | * [http://en.wikipedia.org/wiki/Principle_of_least_privilege Principle of least privilege] | + | * [https://en.wikipedia.org/wiki/Principle_of_least_privilege Principle of least privilege] |
− | * [http://en.wikipedia.org/wiki/Security_through_obscurity Security through obscurity] | + | * [https://en.wikipedia.org/wiki/Security_through_obscurity Security through obscurity] |
| | | |
| [[Category: Political Science]] | | [[Category: Political Science]] |
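Review bot: The first context paragraph of this hunk carries an unbalanced link, "[[connected]", which is missing one closing bracket. It is left untouched on both sides, so the revision still renders that link incorrectly; it should be fixed to [[connected]] in the same pass. Two smaller points on the changed lines: the trinitize.blogspot.com entry is written "*[https://..." without the space after the asterisk that the two Wikipedia entries below it use. It is also the only third-party host whose scheme was changed, so confirm that the https URL serves the same page before saving.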