An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy.
Business management indicates that the practice creates operational efficiencies.
The information security manager's BEST course of action should be to:
A. B. C. D.

Correct answer: B.
The BEST course of action for the information security manager would be to present the risk to senior management (option B).
Explanation: Sharing a login account among multiple users violates the access policy and creates a security risk because it becomes difficult to identify who accessed the application and performed specific actions. This practice could lead to unauthorized access, data theft, or loss of data integrity, which could result in financial loss or damage to the company's reputation.
Business management indicates that the practice creates operational efficiencies. However, the security manager should explain the risks associated with sharing login credentials and make senior management aware of the need to comply with the access policy. This ensures that management understands the potential security risks and can make informed decisions on how to proceed.
Modifying the policy (option A) might be necessary in the long term, but in the immediate scenario, it may not solve the problem of users violating the policy. Enforcing the policy (option C) may lead to conflict with business management and could be difficult to implement without senior management support. Creating an exception for the deviation (option D) is not recommended as it undermines the access policy and creates an unnecessary risk.
Therefore, the BEST course of action is to present the risk to senior management and work with them to find a solution that balances security and operational efficiency.