What principle ensures that access to sensitive data is restricted to only those who need it to perform their job?

Study for the Systems Security Certified Practitioner Exam. Prepare with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

The Least Privilege Principle is a fundamental concept in information security that stipulates that individuals should have only the minimum level of access necessary to perform their job functions effectively. By applying this principle, organizations can significantly reduce the risk of unauthorized access to sensitive data, as it limits permissions to what is strictly required for each user’s role.

This principle is essential in mitigating the potential impact of data breaches or insider threats, as it helps ensure that even if an account is compromised or misused, the damage can be minimized because the account lacks the higher-level access that could lead to broader exposure of sensitive information.

In contrast, the other options address different methods or aspects of access control. Separation of Duties involves dividing responsibilities among multiple individuals to prevent fraud or error. Mandatory Access Control refers to system-enforced access controls based on information classification and user clearance levels. Discretionary Access Control allows users to control who can access their resources and is more flexible but can lead to unrestricted access if not carefully managed.
