• Online, Self-Paced

Improper Privilege Management occurs when software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This course introduces ways to identify and mitigate this security weakness, referenced as CWE-269 by the 2020 CWE Top 25.

Learning Objectives

On successful completion of this course, learners should have the knowledge and skills to:

  • Manage the setting, management, and handling of privileges
  • Explicitly manage trust zones in the software
  • Follow the principle of least privilege when assigning access rights to entities in a software system
  • Ensure requirement that multiple conditions be met before permitting access to a system resource

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.