ODBC access to a database on a network-connected host is required. The host does not have a security
mechanism to authenticate the incoming ODBC connection, and the application requires that the connection
have read/write permissions. In order to further secure the data, a nonstandard configuration would need to be
implemented. The information in the database is not sensitive, but was not readily accessible prior to the
implementation of the ODBC connection. Which of the following actions should be taken by the security
analyst?
A.
Accept the risk in order to keep the system within the company’s standard security configuration.
B.
Explain the risks to the data owner and aid in the decision to accept the risk versus choosing a nonstandard
solution.
C.
Secure the data despite the need to use a security control or solution that is not within company standards.
D.
Do not allow the connection to be made to avoid unnecessary risk and avoid deviating from the standard
security configuration.