which of the following controls is BEST suited to this situation?

Several business units have requested the ability to use collaborative web-based meeting places
with third party vendors. Generally these require user registration, installation of client-based
ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or
read-write mode. In order to ensure that information security is not compromised, which of the
following controls is BEST suited to this situation?

Several business units have requested the ability to use collaborative web-based meeting places
with third party vendors. Generally these require user registration, installation of client-based
ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or
read-write mode. In order to ensure that information security is not compromised, which of the
following controls is BEST suited to this situation?

A.
Disallow the use of web-based meetings as this could lead to vulnerable client-side
components being installed, or a malicious third party gaining read-write control over an internal
workstation.

B.
Hire an outside consultant firm to perform both a quantitative and a qualitative risk-based
assessment. Based on the outcomes, if any risks are identified then do not allow web-based
meetings. If no risks are identified then go forward and allow for these meetings to occur.

C.
Allow the use of web-based meetings, but put controls in place to ensure that the use of these
meetings is logged and tracked.

D.
Evaluate several meeting providers. Ensure that client-side components do not introduce undue
security risks. Ensure that the read-write desktop mode can either be prevented or strongly
audited.



Leave a Reply 0

Your email address will not be published. Required fields are marked *