Which concept involves restricting access to information based on the principle of least privilege?


The principle of least privilege is a security concept that dictates that individuals should only have access to the information and resources that are necessary for them to perform their job functions. This minimizes the risk of unauthorized access or potential data breaches.

Role-Based Access Control (RBAC) is directly aligned with this principle because it assigns permissions to users based on their role within the organization. By establishing roles—such as administrator, manager, or employee—RBAC ensures that users have only the permissions necessary for their role. For example, an employee in a financial department may have access to sensitive financial data, while someone in human resources may not have that same level of access, thereby adhering to the least privilege principle.

The other concepts, while they may involve access control, do not specifically implement the least privilege principle to the same degree as RBAC does. Mandatory Access Control assigns access based on predetermined policies, which may not consider individual job roles. Discretionary Access Control allows users to determine who can access their resources, potentially leading to excessive permissions. Network Access Control focuses on managing device access to a network rather than how users access specific information. Thus, Role-Based Access Control is the most accurate answer in relation to the principle of least privilege.
