During an audit, an IS auditor learns that lengthy and
complex passwords are required to reach the network via
modem. These passwords were established by an outside
provider. The communications software allows users to select
a ?remember password? option. What should the IS auditor's
PRIMARY recommendation be?
A. Disable the save password option and have users record
them elsewhere.
B. Request that the provider change the dial-in password to
a group password.
C. Establish and enforce a process to have users change
their passwords.
D. Allow users to change their passwords to something less
complex.
- 1 Answers
- 4106 Views
- I also Faced
- E-Mail Answers
Answer Posted / guest
Answer: C
Requiring users to change their passwords is a user account
management process. Passwords are a form of shared secrets,
useful only if they are secret. Having users select
something memorable is preferable to having it saved on the
machine. Disabling the save password option, would minimize
the ease or access by unauthorized persons with access to
the hardware. However, having users write their passwords
down or included in a file on their machine defeats the
purpose of having a complex password. Requesting the
provider to change the password to a group password would
decrease the usefulness of the audit trail and therefore the
ability to hold individual users accountable. Allowing users
to change their passwords is a better suggestion. However,
if users are not forced to do this on a periodic basis, this
also defeats the purpose.
| Is This Answer Correct ? | 8 Yes | 0 No |
Post New Answer View All Answers
