The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine
who may be responsible. Which of the following would be the BEST course of action?

A.
Create a single, shared user account for every system that is audited and logged based upon time of
use.

B.
Implement a single sign-on application on equipment with sensitive data and high-profile shares.

C.
Enact a policy that employees must use their vacation time in a staggered schedule.

D.
Separate employees into teams led by a person who acts as a single point of contact for observation
purposes.

Explanation:
A policy that states employees should use their vacation time in a staggered schedule is a way of
employing mandatory vacations. A mandatory vacation policy requires all users to take time away fromwork while others step in and do the work of that employee on vacation. This will afford the CSO the
opportunity to see who is using the company assets responsibly and who is abusing it.
Incorrect Answers:
A: A single shared user account for every system will not single out any one who might be the guilty party.
You need to see and audit individual accounts to single out the guilty party.
B: Single sign is about having a single / one only password for all resources on a given network which will
make singling out a guilty party problematic.
D: Separating and organizing employees into teams makes singling out a single guilty party problematic.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 25