Ann has recently transferred from the payroll department to engineering. While browsing file shares, Ann
notices she can access the payroll status and pay rates of her new coworkers. Which of the following could
prevent this scenario from occurring?
Separation of duties
User access reviews
In addition to assigning user access properly, it is important to review that access periodically. Access review is
a process to determine whether a user’s access level is still appropriate. People’s roles within an organization
can change over time. It is important to review user accounts periodically and determine if they still require theaccess they currently have. An example of such a scenario would be a network administrator who was
responsible for the domain controller but then moved over to administer the remote access servers. The
administrator’s access to the domain controller should now be terminated. This concept of access review is
closely related to the concept of least privileges. It is important that users do not have “leftover” privileges from
previous job roles.