Several business units have requested the ability to use collaborative web-based meeting places
with third-party vendors. Generally, these require user registration, installation of client-based
ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or
read-write mode. In order to ensure that information security is not compromised, which of the
following controls is BEST suited to this situation?
A. Disallow the use of web-based meetings as this could lead to vulnerable client-side
components being installed, or a malicious third party gaining read-write control over an internal
workstation.
B. Hire an outside consultant firm to perform both a quantitative and a qualitative risk-based
assessment. Based on the outcomes, if any risks are identified then do not allow web-based
meetings. If no risks are identified then go forward and allow for these meetings to occur.
C. Allow the use of web-based meetings, but put controls in place to ensure that the use of these
meetings is logged and tracked.
D. Evaluate several meeting providers. Ensure that client-side components do not introduce undue
security risks. Ensure that the read-write desktop mode can either be prevented or strongly
audited.