Responsibilities and privileges should be allocated in such a
way that prevents an individual or a small group of collaborating
individuals from inappropriately controlling multiple key aspects of a
process and causing unacceptable harm or loss. Examples include limiting
need to know areas for individuals, eliminating single administrative points
of failure, and limiting administrative domains.
Complexity: Analyzing and
implementing such controls are not difficult but may involve increased
cost.
fc@red.a.net