After a system update causes significant downtime, the Chief Information Security Officer (CISO)
asks the IT manager who was responsible for the update. The IT manager responds that it is
impossible to know who did the update since five different people have administrative access.
How should the IT manager increase accountability to prevent this situation from reoccurring?
(Select TWO).
A.
Implement an enforceable change management system.
B.
Implement a software development life cycle policy.
C.
Enable user level auditing on all servers.
D.
Implement a federated identity management system.
E.
Configure automatic updates on all servers.