For the first time, the procurement department has requested that IT grant remote access to third-party suppliers.
Which of the following is the BEST course of action for IT in responding to the request?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The BEST course of action for IT in responding to the procurement department's request for remote access to third-party suppliers is option C: Design and implement a secure remote access process.
Explanation:
Granting remote access to third-party suppliers can pose various risks to an organization's IT environment. It is essential to establish a secure process to ensure that the third-party suppliers access the IT system in a secure manner, without compromising the confidentiality, integrity, and availability of the system.
Proposing a solution after analyzing IT risk (option A) is a good practice; however, it may not be sufficient to address the specific risks associated with remote access by third-party suppliers. An in-depth analysis of the risks and vulnerabilities related to the proposed remote access solution should be conducted before proposing a solution.
Designing and implementing key authentication controls (option B) is also an essential step in securing remote access; however, it is just one aspect of a secure remote access process. Other aspects such as encryption, network segmentation, and logging should also be considered in designing a comprehensive remote access solution.
Option D: Adequate internal standards to fit the new business case is a vague and ambiguous response that does not provide specific guidance on how to address the specific risks associated with granting remote access to third-party suppliers.
Therefore, option C is the BEST course of action for IT in responding to the request for remote access to third-party suppliers. It involves designing and implementing a secure remote access process that takes into account all relevant risks and vulnerabilities associated with third-party access. This process should include a well-defined authentication mechanism, encryption, network segmentation, and logging to ensure that remote access is secure and compliant with organizational policies and standards.