Page 141 - CISSO_Prep_ Guide
unnecessary information from them. This is often done with credit cards by letting a merchant see only the first six or last four digits of a card number. Those digits are not protected and can be displayed, but the merchant does not need to see the remaining digits. By hiding (masking/obscuring) that data, the merchant cannot misuse information it never needed to see in the first place.
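The masking rule described above, shown as an added Python example (this is editor-supplied illustration, not code from the guide). It keeps the first six and last four digits of a card number, replaces everything else with a fill character, and applies the same rule to any card-number-shaped run of digits found in a log line, since application logs are a common place where full card numbers leak. The card numbers and the log line are constructed test values; the function names are the example's own.

```python
import re

# Constructed sample card numbers (standard test numbers, not real accounts).
SAMPLE_PANS = ["4111 1111 1111 1111", "5500-0000-0000-0004", "378282246310005"]


def mask_pan(pan: str, show_first: int = 6, show_last: int = 4, fill: str = "*") -> str:
    """Return the card number with only the first `show_first` and last
    `show_last` digits visible; all other digits become `fill`.

    Spaces and dashes are stripped so the output has one fixed shape.
    Defaults follow the first-six/last-four rule from the text; passing
    show_first=0 gives the more restrictive last-four-only display.
    """
    digits = re.sub(r"\D", "", pan)
    if not digits.isdigit() or not (12 <= len(digits) <= 19):
        raise ValueError("card number must contain 12-19 digits")
    if show_last >= len(digits):
        raise ValueError("show_last must be smaller than the number of digits")
    if show_first + show_last >= len(digits):
        # Too short to expose both windows: fall back to last digits only,
        # so a short input never reveals more than a long one would.
        show_first = 0
    middle = len(digits) - show_first - show_last
    return digits[:show_first] + fill * middle + digits[len(digits) - show_last:]


# 13-19 digits with optional single spaces or dashes between them.
# Deliberately broad: masking a non-card 16-digit value by mistake is a
# harmless false positive, while missing a real card number is not.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def redact_log_line(line: str) -> str:
    """Mask every candidate card number inside a log line before it is stored."""
    return PAN_PATTERN.sub(lambda m: mask_pan(m.group(0)), line)


if __name__ == "__main__":
    for pan in SAMPLE_PANS:
        print(pan, "->", mask_pan(pan), "/", mask_pan(pan, show_first=0))
    # Constructed log line containing a full card number.
    print(redact_log_line("order=123 pan=4111 1111 1111 1111 amount=19.99"))
```

The merchant-facing display and the log redaction share one masking function, so the two cannot drift apart and expose different digit ranges.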
Least Privilege
Least privilege is the concept of granting an entity only the lowest level of access it requires to perform its job duties, for example granting "read-only" access instead of "read/write."
Temporal Access
Temporal refers to time-based access restrictions. For example, when user accounts are set up, a user may be permitted to log in only at certain times of the day; the account will not work at other times. A user attempting to log in late at night or over the weekend would be refused. This prevents misuse of the account, by either the user or another person (for example, cleaning staff), during non-standard operating hours.
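A small time-based access check, added here as an illustration (editor-supplied example, not code from the guide). Each account is assigned one or more permitted windows of weekday and time-of-day; a login outside every window, or by an account with no window defined at all, is denied, and the denied attempts are collected so they can be reviewed as possible misuse. The account names, hours and login attempts are constructed; the class and function names are the example's own.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class AccessWindow:
    """Permitted days (0=Monday ... 6=Sunday) and a same-day range [start, end)."""
    days: frozenset
    start: time
    end: time

    def __post_init__(self):
        # Windows that cross midnight are expressed as two windows instead.
        if self.start >= self.end:
            raise ValueError("window must start before it ends on the same day")

    def contains(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() < self.end


# Constructed policy table (hypothetical accounts and hours).
BUSINESS_HOURS = (AccessWindow(frozenset(range(0, 5)), time(7, 0), time(19, 0)),)
NIGHT_SHIFT = (
    AccessWindow(frozenset(range(0, 7)), time(0, 0), time(6, 0)),
    AccessWindow(frozenset(range(0, 7)), time(22, 0), time(23, 59, 59)),  # last second excluded
)
POLICIES = {
    "alice": BUSINESS_HOURS,
    "noc-bob": NIGHT_SHIFT,
}


def evaluate_login(username: str, when: datetime):
    """Return (allowed, reason). An account with no policy is denied by default."""
    windows = POLICIES.get(username)
    if windows is None:
        return False, "no access window defined for account"
    if any(w.contains(when) for w in windows):
        return True, "within permitted hours"
    return False, "outside permitted hours (%s)" % when.strftime("%a %H:%M")


# Constructed login attempts: (username, time of attempt).
SAMPLE_ATTEMPTS = [
    ("alice", datetime(2024, 3, 12, 10, 30)),   # Tuesday 10:30, inside business hours
    ("alice", datetime(2024, 3, 12, 23, 15)),   # Tuesday 23:15, late at night
    ("alice", datetime(2024, 3, 16, 10, 0)),    # Saturday 10:00, weekend
    ("noc-bob", datetime(2024, 3, 16, 2, 0)),   # Saturday 02:00, night-shift window
    ("mallory", datetime(2024, 3, 12, 12, 0)),  # no policy defined
]


def review_attempts(attempts):
    """Return denied attempts as (username, timestamp, reason) for follow-up."""
    denied = []
    for user, when in attempts:
        allowed, reason = evaluate_login(user, when)
        if not allowed:
            denied.append((user, when, reason))
    return denied


if __name__ == "__main__":
    for user, when, reason in review_attempts(SAMPLE_ATTEMPTS):
        print(f"DENY {user} at {when:%a %H:%M}: {reason}")
```

Denying accounts that have no window at all is the deliberate default: a temporal control that silently allows anything it has no rule for would leave the very accounts nobody thought about unrestricted.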
Separation of Duties
Separation of duties is the practice of ensuring that no single entity has complete control over a sensitive transaction. For a transaction to be completed, it requires the participation of more than one entity. This is accomplished by breaking a job into separate parts and having different people execute each