Unauthorized Access Request: Handling Resigned Employee's Password Reset

Preventing Unauthorized Access Requests for Resigned Employees

Prev Question Next Question

Question

An organization uses SSO authentication for employee access to network resources.

When an employee resigns, as per the organization's security policy, the employee's access to all network resources is terminated immediately.

Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server.

Which of the following represents the BEST course of action?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

C.

The best course of action in this scenario is C. Deny the former employee's request, as a password reset would give the employee access to all network resources.

Explanation:

Single Sign-On (SSO) is a technology that allows users to authenticate once and gain access to multiple systems and applications without needing to re-authenticate each time. This approach simplifies the authentication process, increases security, and reduces administrative overheads. However, it also poses a security risk if the user's account is compromised, as it gives the attacker access to all the network resources the user can access.

In this scenario, the former employee's access to all network resources was terminated immediately after the resignation, as per the organization's security policy. However, the former employee requested a password reset to access payroll information from the human resources server.

Approving the former employee's request (Option A or D) would be a security risk as the former employee could potentially gain access to other network resources beyond payroll information. Moreover, password reset requests should only be accepted from authorized and authenticated channels, and a request from an external email address (Option B) is not a reliable source of authentication.

Therefore, the best course of action is to deny the former employee's request (Option C) to avoid any potential security breach. Additionally, the help desk should report the incident to the security team or the management to investigate any possible security breaches or policy violations.