Which of the following is the best approach to validate the continued need for auser to have privileged access to system resources?
A.
Periodic review of data classifications and system controls
B.
Periodic review and re-certification of privileged user needs
C.
Periodic review of audit logs and access attempts by all users
D.
Revoke processes used to grant these types of access
Explanation:
A periodic review of the rights and permissions granted to all users(especially ones with privilege access) and how it maps to their needs to completetheir tasks best validates the reasons for access given. A user may not still needfull control to specific resources and files and a company would not uncover thiswithout reviewing the actual needs of this user.