Preventing Unauthorized Access and Data Loss in Educational Institutions
Question
A department head at a university resigned on the first day of the spring semester.
It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed.
Which of the following policies or procedures could have prevented this from occurring?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.C.
The incident described in the question involves a former employee deleting files and directories from the server-based home directory while the campus was closed. This is a clear example of a malicious insider threat, where an individual who has authorized access to systems or data misuses that access for personal gain or to harm an organization.
To prevent such incidents from occurring, organizations should implement appropriate policies and procedures to manage access to systems and data. Let's look at the options provided in the question and how they relate to this incident:
A. Time-of-day restrictions: Time-of-day restrictions can be used to limit access to systems and data during specific times of the day or week. For example, if the department head's access had been restricted to business hours only, they would not have been able to delete files and directories when the campus was closed. However, it is unlikely that time-of-day restrictions alone would have prevented this incident since the department head was an authorized user with legitimate access to the system.
B. Permission auditing and review: Permission auditing and review involves regularly reviewing and updating access controls to ensure that only authorized users have access to systems and data. This can help identify and remove unnecessary or inappropriate access privileges. If the university had conducted regular permission audits and removed the department head's access when they resigned, this incident may have been prevented.
C. Offboarding: Offboarding is the process of managing an employee's departure from an organization. This includes revoking their access to systems and data. If the university had properly offboarded the department head by revoking their access to the server-based home directory when they resigned, this incident may have been prevented.
D. Account expiration: Account expiration involves setting a date for an account to automatically expire, which can help prevent former employees from accessing systems and data after they leave the organization. If the university had set the department head's account to expire on their last day of employment, this incident may have been prevented.
In summary, while time-of-day restrictions can be useful in certain situations, it is unlikely that they alone would have prevented this incident. Permission auditing and review, offboarding, and account expiration are all important policies and procedures that can help prevent incidents like this from occurring. Of the options provided, the most effective measure would have been proper offboarding procedures, including revoking the department head's access to the server-based home directory when they resigned.
