Answered step by step
Verified Expert Solution
Question
1 Approved Answer
The issue write-up below is missing what element of a finding? The Information Security Policy requires individual user accounts to be associated with an active
The issue write-up below is missing what element of a finding? The Information Security Policy requires individual user accounts to be associated with an active employee or authorized contractor. However, a comparison of 500 individual accounts to an extract from the HR database found 15 (3%) accounts were not traceable to either an employee or approved contractor. User accounts not associated with verifiable individuals may impede the effectiveness of controls to ensure accountability for actions within the system. Management should strengthen controls over user account creation and reauthorization procedures. Mary Watson, Director of Information Security, will implement an Identity and Access Management tool, which will automate account management processes. Ms. Watson will provide a corrective action response by November 30, 2021. Criteria Cause Consequence Corrective Action Condition
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started