An information security manager has been notified that two senior executives have the ability to elevate their own privileges in the corporate accounting system, in violation of policy. What is the FIRST step to address this issue?
A. Notify the CISO of the security policy violation.
B. Perform a system access review.
C. Perform a full review of all system transactions over the past 90 days.
D. Immediately suspend the executives’ access privileges.
B. Perform a system access review.
Before taking any drastic actions such as notifying the CISO, suspending access privileges, or conducting a full review of all system transactions, it's essential to gather more information and assess the situation. A system access review will help determine the extent of the issue, identify how the privilege elevation is happening, and whether it is a deliberate policy violation or a result of a system misconfiguration. Once you have a better understanding of the problem, you can then take appropriate actions, which may include notifying the CISO, suspending privileges, or conducting further investigations.
I think the first order of business will be to address the improper rights. Then you do a full system access review, and notify the CISO of the results.
upvoted 4 times