Because identification is critical to the issue of accountability, companiesshould follow strict guidelines. Which would not be considered a good practice inimplementing identification access control?

A.
Enforce naming standards

B.
IDs should be unique

C.
IDs should be job descriptive

D.
IDs must be easily validated

Explanation:
Identification should never be job descriptive. Giving the attacker a tip as to whatthe user does can be advantageous to him. This information can give the attacker anidea of the type of access this user would have and this data could be used insocial engineering attacks. IDs should be generic in this regard so that its namedoes not give away what the user does within the organization.