102,882
edits
Changes
From Nordan Symposia
Jump to navigationJump to searchCreated page with 'File:lighterstill.jpgright|frame The term "'''need to know'''", when used by government and other organizations (particularly those relate...'
[[File:lighterstill.jpg]][[File:Need_to_know.jpg|right|frame]]
The term "'''need to know'''", when used by [[government]] and other [[organizations]] (particularly those related to the military or espionage), describes the restriction of [[data]] which is considered very [[sensitive]]. Under need-to-know restrictions, even if one has all the [[necessary]] official approvals (such as a security clearance) to [[access]] certain [[information]], one would not be given access to such information, or read into a clandestine operation, unless one has a specific need to know; that is, [[access]] to the [[information]] must be [[necessary]] for the conduct of one's official duties.
As with most [[security]] [[mechanisms]], the aim is to make it [[difficult]] for unauthorized access to occur, without inconveniencing legitimate access. Need-to-know also aims to discourage "browsing" of [[sensitive]] [[material]] by [[limiting]] access to the smallest possible [[number]] of people.
The [http://en.wikipedia.org/wiki/Operation_Overlord Battle of Normandy] in 1944 is an example of a need-to-know restriction. Though thousands of military personnel were involved in planning the invasion, only a small [[number]] of them knew the entire scope of the operation; the rest were only informed of data needed to complete a small part of the plan.
==Problems and criticism==
It has been alleged that need-to-know (like other [[security]] measures) can be misused by some personnel who wish to refuse others [[access]] to information they hold in an attempt to increase their [[personal]] [[power]], or to prevent unwelcome review of their [[work]].
The need to know principle is at odds with most [[purposes]] of [[intelligence]] and [[research]]. While one part of an [[institution]] may have [[knowledge]] of some [[data]], the rest of this institution as well as other institutions remain ignorant. Since [[experience]] shows that data shows its most valuable [[information]] only when freely [[connected], the need to know is in [[fact]] putting a limit on [[information]] that [[intelligence]] agencies can gather (even if there are no limits to the amount of data).
==In computer technology==
The discretionary [[access]] [[control]] [[mechanisms]] of some [http://en.wikipedia.org/wiki/Operating_system operating systems] can be used to enforce need to know. In this case, the owner of a file determines whether another [[person]] should have access. Need to know is often concurrently applied with mandatory access control schemes, in which the lack of an official approval (such as a clearance) may [[absolutely]] prohibit a [[person]] from accessing the [[information]]. This is because need to know can be a [[subjective]] assessment. Mandatory access control schemes can also audit accesses, in order to determine if need to know has been violated.
The term is also used in the [[concept]] of [http://en.wikipedia.org/wiki/Graphical_user_interface graphical user interface design] where computers are controlling [[complex]] equipment such as airplanes. In this usage, when many [[different]] pieces of data are [[dynamically]] [[competing]] for finite UI space, safety-related messages are given priority.
==See also==
*[http://trinitize.blogspot.com/2007/03/revelation-evolution.html Revelation & Evolution]
* [http://en.wikipedia.org/wiki/Principle_of_least_privilege Principle of least privilege]
* [http://en.wikipedia.org/wiki/Security_through_obscurity Security through obscurity]
[[Category: Political Science]]
The term "'''need to know'''", when used by [[government]] and other [[organizations]] (particularly those related to the military or espionage), describes the restriction of [[data]] which is considered very [[sensitive]]. Under need-to-know restrictions, even if one has all the [[necessary]] official approvals (such as a security clearance) to [[access]] certain [[information]], one would not be given access to such information, or read into a clandestine operation, unless one has a specific need to know; that is, [[access]] to the [[information]] must be [[necessary]] for the conduct of one's official duties.
As with most [[security]] [[mechanisms]], the aim is to make it [[difficult]] for unauthorized access to occur, without inconveniencing legitimate access. Need-to-know also aims to discourage "browsing" of [[sensitive]] [[material]] by [[limiting]] access to the smallest possible [[number]] of people.
The [http://en.wikipedia.org/wiki/Operation_Overlord Battle of Normandy] in 1944 is an example of a need-to-know restriction. Though thousands of military personnel were involved in planning the invasion, only a small [[number]] of them knew the entire scope of the operation; the rest were only informed of data needed to complete a small part of the plan.
==Problems and criticism==
It has been alleged that need-to-know (like other [[security]] measures) can be misused by some personnel who wish to refuse others [[access]] to information they hold in an attempt to increase their [[personal]] [[power]], or to prevent unwelcome review of their [[work]].
The need to know principle is at odds with most [[purposes]] of [[intelligence]] and [[research]]. While one part of an [[institution]] may have [[knowledge]] of some [[data]], the rest of this institution as well as other institutions remain ignorant. Since [[experience]] shows that data shows its most valuable [[information]] only when freely [[connected], the need to know is in [[fact]] putting a limit on [[information]] that [[intelligence]] agencies can gather (even if there are no limits to the amount of data).
==In computer technology==
The discretionary [[access]] [[control]] [[mechanisms]] of some [http://en.wikipedia.org/wiki/Operating_system operating systems] can be used to enforce need to know. In this case, the owner of a file determines whether another [[person]] should have access. Need to know is often concurrently applied with mandatory access control schemes, in which the lack of an official approval (such as a clearance) may [[absolutely]] prohibit a [[person]] from accessing the [[information]]. This is because need to know can be a [[subjective]] assessment. Mandatory access control schemes can also audit accesses, in order to determine if need to know has been violated.
The term is also used in the [[concept]] of [http://en.wikipedia.org/wiki/Graphical_user_interface graphical user interface design] where computers are controlling [[complex]] equipment such as airplanes. In this usage, when many [[different]] pieces of data are [[dynamically]] [[competing]] for finite UI space, safety-related messages are given priority.
==See also==
*[http://trinitize.blogspot.com/2007/03/revelation-evolution.html Revelation & Evolution]
* [http://en.wikipedia.org/wiki/Principle_of_least_privilege Principle of least privilege]
* [http://en.wikipedia.org/wiki/Security_through_obscurity Security through obscurity]
[[Category: Political Science]]
