Privileged Access Basics
Learn why admin accounts need special handling.
What You'll Learn
- Distinguish between standard and privileged accounts and explain why privileged credentials require stricter controls and separate usage patterns
- Use just-in-time access workflows to request time-limited elevated privileges for specific administrative tasks
- Identify the risks of using privileged accounts for routine activities like email, browsing, and non-administrative work
- Apply secure handling practices for admin credentials, including separate account usage, no browser password storage, and session monitoring
- Evaluate requests for privileged access from colleagues and route them through proper approval and documentation channels rather than granting ad hoc access
Training Steps
- Welcome to Northgate Financial
Welcome to Northgate Financial Partners! You are Alice, a senior systems analyst who has been with the company for two years. You have elevated admin access to the client database - privileges granted because your role requires running complex financial reports. Admin access means you can read, write, and delete records across the entire client database. Most employees have read-only access to their own client portfolios. Your access level is a powerful tool - and a high-value target.
- SOX Compliance Notification
Alice receives an email from the IT Security team about an upcoming SOX compliance audit. Quarterly audits are routine at a financial services firm - nothing unusual here.
- A Colleague Needs Help
Alice's phone buzzes. A Telegram message from Marcus Chen, a colleague from the analytics team. Marcus needs access to the client database for a quarterly report, but his access was revoked during a recent role transition. He's asking Alice to share her admin credentials - just this once.
- Sharing Credentials
Marcus is a trusted colleague with a legitimate deadline. Alice thinks: 'It's just for an hour. What's the worst that could happen?' She shares her admin credentials via Telegram.
- A Moment to Reflect
Alice just shared her admin credentials with Marcus via Telegram. Before we continue, let's think about what just happened.
- The Breach
Five days have passed since Alice shared her credentials. An urgent email from the CISO stops her cold. A massive breach has been detected - 47,000 client records exfiltrated and an entire archived database table permanently deleted. The attack has been traced to Alice's admin credentials, which were harvested by info-stealing malware from Marcus's workstation.
- The Breach Investigation
Alice clicks through to the breach investigation dashboard. The scope of the damage is devastating - and it all traces back to one shared set of admin credentials.
- How One Shared Password Became a Breach
The attack chain shows exactly how Alice's shared credentials traveled from a Telegram message to a catastrophic data breach - without any attacker ever contacting Alice directly.
- Uncontrolled Privilege Escalation
This comparison shows the core danger of credential sharing. When Alice shared her admin login, she bypassed every access control the organization had in place. Marcus - and by extension, anyone who compromised Marcus's machine - received unlimited admin access with no time limits, no scope restrictions, and no audit accountability.
- Blast Radius - Why Privilege Level Matters
The same shared credential. The same malware. But the damage would have been completely different if Alice had standard user access instead of admin privileges. This is why organizations implement the principle of least privilege - minimizing the blast radius when something goes wrong.