What principle guides the provisioning and de-provisioning of user accounts to ensure correct access levels?

The principle of least privilege is fundamental to the provisioning and de-provisioning of user accounts because it ensures that users only have the minimum access necessary to perform their job functions. This minimizes the risk of unauthorized access or misuse of sensitive information. By adhering to this principle, organizations can prevent users from gaining access to systems and data that are not essential for their work, thereby reducing the potential attack surface.

In practice, when creating or modifying user accounts, administrators assign permissions based on the specific role and responsibilities of each user. If a user's job changes or they leave the organization, their access rights should be promptly revised or revoked to prevent lingering permissions that could be exploited.

While the other principles, such as separation of duties, defense in depth, and risk management, are also important for overall security posture, they do not specifically focus on controlling access rights related to user accounts in the same way that the principle of least privilege does. Thus, least privilege is the guiding principle for ensuring correct access levels when managing user accounts.