For the first time, the procurement department has requested that IT grant remote access to third-party suppliers.
Which of the following is the BEST course of action for IT in responding to the request?
The BEST course of action for IT in responding to the request from the procurement department to grant remote access to third-party suppliers is to:
A. Analyze risks and propose a solution.
Explanation:
Before granting remote access to third-party suppliers, IT should perform a risk analysis to identify potential risks and vulnerabilities associated with the remote access. This analysis should consider the sensitivity of the data or systems that the third-party suppliers will be accessing, the security posture of the third-party suppliers, the security controls that will be in place, and the potential impact of a security breach.
Based on the risk analysis, IT should propose a solution that addresses the identified risks and vulnerabilities. The proposed solution should include security controls such as access controls, encryption, and monitoring, as well as policies and procedures that govern the use of remote access by third-party suppliers. IT should work closely with the procurement department to ensure that the proposed solution meets their business requirements while maintaining an appropriate level of security.
B. Implement a remote access architecture.
Implementing a remote access architecture is premature without first conducting a risk analysis and proposing a solution. The risk analysis and solution proposal should inform the design and implementation of the remote access architecture to ensure that it addresses the identified risks and vulnerabilities.
C. Develop a remote access policy.
Developing a remote access policy is a good practice, but it should be done in conjunction with the risk analysis and solution proposal. The policy should reflect the security controls and procedures outlined in the solution proposal and should be reviewed and approved by key stakeholders.
D. Issue log-on credentials to third-party suppliers.
Issuing log-on credentials to third-party suppliers is premature without first conducting a risk analysis and proposing a solution. The credentials should be issued in accordance with the remote access policy and should be subject to periodic review and revocation.