A supervisor in your organization was demoted on Friday afternoon.
The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions.
On Monday morning, the database administrator reported that log files indicated that several records were missing from the database.
Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted?
The correct answer to this question is D. Monthly user rights reviews.
When an employee with managerial permissions is demoted, there is a potential risk of unauthorized access or modification of confidential data. The risk increases when the supervisor has access to sensitive data, as in this case, where the supervisor had the ability to modify the contents of a confidential database. Therefore, it is essential to implement risk mitigation strategies to prevent any unauthorized access, modification, or deletion of data.
Monthly user rights reviews are an effective risk mitigation strategy that involves a periodic review of user permissions and access rights. The review ensures that users have access only to the resources they need to perform their job functions and that their access rights are appropriate for their current roles. This process helps to identify and mitigate potential security risks and ensures that any changes in an employee's role or job responsibilities are reflected in their access rights.
Incident management is a reactive strategy that focuses on identifying, managing, and resolving security incidents after they occur. It is not an appropriate strategy for preventing security breaches, as it only helps to minimize the impact of security incidents.
Routine auditing is a good security practice, but it is not specific to risk mitigation after a demotion. Auditing involves reviewing logs, security policies, and procedures to ensure that they are effective in protecting against security threats.
IT governance is a framework of policies and procedures that ensures the effective and efficient use of IT resources in an organization. While IT governance is an essential component of a comprehensive security strategy, it is not a specific risk mitigation strategy for preventing unauthorized access or modification of data after a demotion.
In conclusion, the best risk mitigation strategy for preventing unauthorized access or modification of data after a demotion is monthly user rights reviews. It ensures that users have appropriate access rights and helps to prevent security breaches by identifying and mitigating potential security risks.