During a privileged access review, an IS auditor observes many help desk employees have privileges within systems not required for their job functions.
Implementing which of the following would have prevented this situation?
Answer: C
The situation described in the question is that help desk employees have access to systems that are not required for their job functions. This indicates that there may be a lack of proper access controls in place, which can lead to an increased risk of unauthorized access or misuse of privileged information.
To prevent this situation, the organization should implement the principle of least privilege access. This principle requires that users are granted the minimum level of access necessary to perform their job functions, and no more. By limiting access to only what is necessary, the risk of unauthorized access or misuse of privileged information is reduced.
Separation of duties is another control that can help prevent unauthorized access. This control requires that different duties and responsibilities are divided among different individuals or groups. This can help prevent fraud, errors, or misuse of privileges, as no single individual has complete control over a process.
Multi-factor authentication is a control that adds an extra layer of security to the authentication process. This control requires users to provide two or more types of authentication factors to access a system or application, such as a password and a fingerprint scan. This can help prevent unauthorized access in case one factor is compromised or stolen.
Privileged access reviews are periodic reviews of access rights granted to privileged users. This control helps ensure that privileged access is granted only to those who need it, and that access rights are promptly revoked when no longer needed.
In the given situation, however, implementing the principle of least privilege is the control that would have prevented help desk employees from accumulating access to systems not required for their job functions: separation of duties, multi-factor authentication and periodic access reviews limit or detect misuse of access that already exists, whereas least privilege stops the unnecessary access from being granted in the first place.
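As an added illustration (not part of the original question or its explanation), the following Python shows the two sides of the control discussed above: provisioning access from a per-role baseline (the preventive least-privilege control) and comparing each user's granted entitlements against that baseline (the detective check an access review performs). The role names, system entitlements and user records are constructed sample data.

```python
# Added example: least-privilege provisioning and an access-review check.
# All roles, entitlements and users below are constructed sample data.

# Baseline entitlements per role: the maximum a user in that role should hold.
ROLE_BASELINE = {
    "help_desk": {"ticketing:read", "ticketing:write", "ad:password_reset"},
    "sysadmin": {"ticketing:read", "ad:password_reset", "ad:admin", "erp:admin"},
}

# Constructed snapshot of what each user actually holds today.
SAMPLE_USERS = [
    {"user": "alice", "role": "help_desk",
     "granted": {"ticketing:read", "ticketing:write", "ad:password_reset"}},
    {"user": "bob", "role": "help_desk",
     "granted": {"ticketing:read", "ad:password_reset", "ad:admin", "erp:admin"}},
    {"user": "carol", "role": "sysadmin",
     "granted": {"ticketing:read", "ad:admin", "erp:admin", "ad:password_reset"}},
    {"user": "dave", "role": "contractor", "granted": {"erp:admin"}},
]


def provision(role, baseline=ROLE_BASELINE):
    """Preventive control: derive the grant set from the role's baseline.
    A role without a defined baseline cannot be provisioned at all."""
    if role not in baseline:
        raise ValueError(f"no baseline defined for role {role!r}")
    return set(baseline[role])


def excess_privileges(user, baseline=ROLE_BASELINE):
    """Return entitlements a user holds beyond their role's baseline, sorted.
    A role with no baseline allows nothing, so every grant is excess."""
    allowed = baseline.get(user["role"], set())
    return sorted(user["granted"] - allowed)


def review(users, baseline=ROLE_BASELINE):
    """Detective control: map each over-privileged user to their excess grants."""
    findings = {}
    for u in users:
        extra = excess_privileges(u, baseline)
        if extra:
            findings[u["user"]] = extra
    return findings


if __name__ == "__main__":
    for user, extra in review(SAMPLE_USERS).items():
        print(f"{user}: excess entitlements {', '.join(extra)}")
```

Users whose role has no baseline are reported in full, which is how unmanaged or leftover accounts surface in a review.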