You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assesments to protect the company’s network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation?
A.
Reconfigure the firewall
B.
Conduct a needs analysis
C.
Install a network-based IDS
D.
Enforce the corporate security policy
Explanation:
The security policy is meant to always be followed until changed. If a need rises to perform actions that might violate the security policy you’ll have to find another way to accomplish the task or wait until the policy has been changed.