Preventing Unauthorized Printing in the IT Department

Technical Control to Prevent Unauthorized Printing

Prev Question Next Question

Question

A copy of a highly confidential salary report was recently found on a printer in the IT department.

The human resources department does not have this specific printer mapped to its devices, and it is suspected that an employee in the IT department browsed to the share where the report was located and printed it without authorization.

Which of the following technical controls would be the BEST choice to immediately prevent this from happening again?

Answers

A. Implement a DLP solution and classify the report as confidential, restricting access only to human resources staff

B. Restrict access to the share where the report resides to only human resources employees and enable auditing

C. Have all members of the IT department review and sign the AUP and disciplinary policies

D. Place the human resources computers on a restricted VLAN and configure the ACL to prevent access from the IT department.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

The BEST choice to prevent unauthorized access to confidential data is to restrict access to the data to authorized personnel only. Based on the scenario described, option B is the most appropriate technical control to implement.

Option A, implementing a DLP solution, is not the best choice because it does not directly address the problem of unauthorized access. DLP (Data Loss Prevention) solutions are used to monitor and control the flow of data across a network to prevent sensitive information from leaving the organization. While this could be a good long-term solution, it is not an immediate fix for the current problem.

Option C, having all members of the IT department review and sign the AUP and disciplinary policies, is not the best choice because it does not directly address the problem of unauthorized access either. It is also not clear if this incident was a result of an intentional act or an accidental mistake.

Option D, placing the human resources computers on a restricted VLAN and configuring ACL to prevent access from the IT department, is not the best choice either. This option is overly restrictive and would hinder collaboration and communication between departments. It is also not clear if the employee who accessed the report was authorized to do so, but merely printed it without permission.

Option B, restricting access to the share where the report resides to only human resources employees and enabling auditing, is the best choice because it directly addresses the problem of unauthorized access to sensitive data. By restricting access to the share, only authorized personnel can access the data. Enabling auditing allows the organization to track who is accessing the data and when, which can help identify potential security incidents in the future.

In conclusion, the BEST choice to immediately prevent unauthorized access to confidential data is to restrict access to the data to authorized personnel only. Therefore, option B is the most appropriate technical control to implement.

Prev Question Next Question