End users are under no circumstances implicitly trustworthy. Whenever a person tries to obtain a useful resource, they need to be authenticated and authorized, irrespective of whether They are already on the organization network. Authenticated users are granted minimum-privilege access only, as well as their permissions are revoked when https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network