For which of the following groups is the threat of unauthorized disclosure of sensitive information most likely to go unnoticed in the absence of auditing?
A.
Malicious software (malware)
B.
Hacker or cracker
C.
Disgruntled employee
D.
Auditors
Explanation:
C: Insiders (employees, contractors, etc.) can have access to information that they should not be allowed to and in the absence of auditing (logging) their actions can go unnoticed. Encryption can provide controls over unauthorized disclosure. External attacker (hacker or cracker) activity and malware usually raise alerts on intrusion detection systems (IDS). Auditors may have the need and authorization for the disclosure of sensitive information and this access is often monitored. Page 543.