A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the
contents of a confidential database, as well as other managerial permissions. On Monday morning, the
database administrator reported that log files indicated that several records were missing from the database
Which of the following risk mitigation strategies should have been implemented when the supervisor was
demoted?
A.
Incident management
B.
Routine auditing
C.
IT governance
D.
Monthly user rights reviews
Why monthly? It could take up to 30 days to review.
2
0
routing auditing out of the answer choices will be better than monthly users right review. better yet, the company should have a policy in place for those terminated employees regardless of their positions.
4
0
A MONTHLY review is supposed to catch an issue within a 1 business day window?? Terrible question.
0
0
The right answer is D. Even though the monthly user rights review is usually performed around the same time each month, the demotion of the supervisor would trigger that process early for that particular month, so right after the demotion. The demotion of a supervisor is not an incident but it might be related to an incident…but it is still a major event that would trigger an early review of his rights and permissions.
0
0