Which of the following is the BEST approach to perform risk mitigation of user access control rights?
Conduct surveys and rank the results.
Perform routine user permission reviews.
Implement periodic vulnerability scanning.
Disable user accounts that have not been used within the last two weeks.
Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing
antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so
on. User permissions may be the most basic aspect of security and is best coupled with a principle of least
privilege. And related to permissions is the concept of the access control list (ACL). An ACL is literally a list of
who can access what resource and at what level. Thus, the best risk mitigation steps insofar as access control
rights are concerned, is the regular/routine review of user permissions.