Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?

Posted by: Pdfprep | Category: CAS-001

A security audit has uncovered a lack of security controls with respect to employees’ network account management. Specifically, the audit reveals that employees’ network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active.

Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?
A. Review the HR termination process and ask the software developers to review the identity management code.
B. Enforce the company policy by conducting monthly account reviews of inactive accounts.
C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations.
D. Update the company policy to account for delays and unforeseen situations in account deactivation.

Answer: C
