Question

A security administrator is advocating for enforcement of a new policy that would require employers with privileged access accounts to undergo periodic inspections and review of certain job performance data.

To which of the following policies is the security administrator MOST likely referring?

A. Background investigation
B. Mandatory vacation
C. Least privilege
D. Separation of duties

Answer 1

The security administrator is likely advocating for a Mandatory vacation policy to review the actions of employees with privileged access and detect potential security issues during their absence.

Step-by-step explanation:

The security administrator is most likely referring to the policy of Mandatory vacation. This policy requires employees, especially those with access to sensitive systems and information, to take time off from their job functions while others take over their responsibilities. The purpose of a mandatory vacation is to allow for the inspection and review of privileged accounts and to ensure there are no irregularities or misuse of access rights. During this period, any fraudulent activities or security anomalies might be detected since the regular user is away from their account, and discrepancies can be more readily noticed. Mandatory vacations complement policies such as Least privilege and Separation of duties, which are also important in maintaining the security integrity of an organization.