What principle aims to prevent users from accessing more information than necessary?

Prepare for the GIAC Information Security Fundamentals (GISF) exam with our comprehensive study materials, including flashcards, multiple choice questions, and detailed explanations. Enhance your information security knowledge and boost your exam confidence today!

The principle that aims to prevent users from accessing more information than necessary is known as Least Privilege. This principle dictates that users are granted the minimum levels of access, or permissions, needed to perform their job functions. It restricts individuals' access rights for accounts, systems, or information to only the essentials required for their specific role.

By implementing the principle of Least Privilege, organizations can significantly reduce the risk of unauthorized access to sensitive data and systems. It minimizes potential exposure by limiting the number of users with access to critical information and reduces the attack surface for potential breaches. If a user's credentials are compromised, the damage is confined to only what the user was allowed to access.

The other choices, while relevant to security, focus on different aspects. Data Minimization is a practice related to collecting and retaining only necessary data. Access Control involves the mechanisms used to enforce restrictions on data access. Risk Management deals with identifying, assessing, and prioritizing risks but does not specifically concern itself with the level of access users have to information.
