A security administrator is advocating for enforcement of a new policy that would require employees with privileged access accounts to undergo periodic inspections and review of certain job performance data.
To which of the following policies is the security administrator MOST likely referring?
A. B. C. D.
Answer: B.
The policy that the security administrator is advocating for is related to privileged access accounts, which typically belong to employees with higher levels of access and control over the organization's resources. The policy requires these employees to undergo periodic inspections and review of certain job performance data.
Out of the given options, the policy that is most likely being referred to is the "Mandatory vacation" policy. This policy requires employees with privileged access to take a mandatory break from work for a certain period. During this time, another employee takes over their duties, which provides an opportunity to detect any suspicious activity or unauthorized access that may have been taking place.
The purpose of the policy is to prevent malicious insiders from exploiting their privileged access to commit fraud, theft, or other malicious activities. While the employee is away from their work, any unauthorized activity can be detected, and the policy can also serve as a deterrent against such activities.
The other policies listed are also important security policies, but they are not directly related to the scenario presented in the question.
A background investigation policy is designed to screen potential employees before they are hired to identify any past criminal history or other factors that may pose a risk to the organization.
The least privilege policy is a security principle that ensures employees have only the minimum level of access necessary to perform their job functions, which reduces the risk of unauthorized access or accidental data leaks.
The separation of duties policy requires different employees to perform different tasks, which ensures that no single employee has complete control over a critical process or system. This reduces the risk of fraud, errors, or other malicious activities by requiring collusion between multiple employees to circumvent the system's security measures.