To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY:

To help ensure that contract personnel do not obtain unauthorized access to sensitive information,
an information security manager should PRIMARILY:

To help ensure that contract personnel do not obtain unauthorized access to sensitive information,
an information security manager should PRIMARILY:

A.
set their accounts to expire in six months or less.

B.
avoid granting system administration roles.

C.
ensure they successfully pass background checks.

D.
ensure their access is approved by the data owner.

Explanation:

Contract personnel should not be given job duties that provide them with power user or other
administrative roles that they could then use to grant themselves access to sensitive files. Setting
expiration dates, requiring background checks and having the data owner assign access are all
positive elements, but these will not prevent contract personnel from obtaining access to sensitive
information.



Leave a Reply 0

Your email address will not be published. Required fields are marked *