PrepAway - Latest Free Exam Questions & Answers

The BEST control to mitigate this risk is to:

Sign-on procedures include the creation of a unique user ID and password. However, an IS
auditor discovers that in many cases the username and password are the same. The BEST
control to mitigate this risk is to:


A. change the company’s security policy.

B. educate users about the risk of weak passwords.

C. build in validations to prevent this during user creation and password change.

D. require a periodic review of matching user ID and passwords for detection and correction.

Explanation:

The compromise of the password is the highest risk. The best control is a preventive control
through validation at the time the password is created or changed. Changing the company’s
security policy and educating users about the risks of weak passwords only provide information
to users and do little to enforce this control. Requiring a periodic review of matching user IDs and
passwords for detection and ensuring correction is a detective control.

