An account with full administrative privileges over a production file is found to be accessible by a
member of the software development team. This account was set up to allow the developer to
download nonsensitive production data for software testing purposes. The information security
manager should recommend which of the following?
A. Restrict account access to read only
B. Log all usage of this account
C. Suspend the account and activate only when needed
D. Require that a change request be submitted for each download
Explanation:
Administrative accounts have permission to change data. That permission is not required for the
developers to perform their tasks. Unauthorized change will damage the integrity of the data.
Logging all usage of the account, suspending the account and activating it only when needed, and
requiring that a change request be submitted for each download will not reduce the exposure
created by this excessive level of access. Restricting the account to read-only access will ensure
that the integrity of the data can be maintained while still permitting access.