Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers tha

adminJanuary 30, 2019

Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:

A. change the companys security policy.

B. educate users about the risk of weak passwords.

C. build in validations to prevent this during user creation and password change.

D. require a periodic review of matching user ID and passwords for detection and correction.

Explanation:

The compromise of the password is the highest risk. The best control is a preventive control through validation at the time the password is created or changed. Changing the companys security policy and educating users about the risks of weak passwords only provides information to users, but does little to enforce this control. Requiring a periodic review of matching user ID and passwords for detection and ensuring correction is a detective control.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISACA Exam Questions

Free ISACA Study Guide

Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers tha

Leave a Reply Cancel reply