Which three security design principles can help balance security control while reducing maintenance?

Creating groups over assigning individual access permissions to users is a strong security design principle that effectively balances security control with maintenance efficiency. By utilizing groups, administrators can manage access permissions in a more streamlined manner. Rather than assigning specific permissions to each user individually, which can become cumbersome and prone to errors as the number of users increases, organizations can establish predefined roles or groups.

When a user is added to a group, they automatically inherit the group's permissions. This makes it easier to manage access control, especially in large environments. If changes are needed in access rights, administrators can simply update the group settings, which automatically propagates to all users within that group. This not only simplifies the management process but also reduces the risk of inconsistencies and potential security vulnerabilities that may arise from individual configurations.

The other options, while they may have their benefits, typically do not provide the same level of efficiency in balancing security controls and reducing maintenance burdens. For example, configuring single sign-on (SSO) enhances user convenience but does not address the management of permissions directly. Assigning higher-level roles than necessary and then scaling back can lead to complexity and potential oversight in permission settings. Utilizing inherited permissions can streamline some aspects of access control but should be employed in conjunction with structured groups