Answer: C The compromise of the password is the highest risk. The best

Sign-on procedures include the creation of a unique user ID
and password. However, an IS auditor discovers that in many
cases the user name and password are the same. The BEST
control to mitigate this risk is to:

A. change the company's security policy.

B. educate users about the risk of weak passwords.

C. build in validations to prevent this during user creation
and password change.

D. require a periodic review of matching user ID and
passwords for detection and correction.

Question Posted / guest

1 Answers
4583 Views
I also Faced
E-Mail Answers

Answer Posted / guest

Answer: C

The compromise of the password is the highest risk. The best
control is a preventive control through validation at the
time the password is created or changed. Changing the
company's security policy and educating users about the risk
of weak passwords only provides information to users, but
does little to enforce this control. Requiring a periodic
review of matching user ID and passwords for detection and
ensuring correction is a detective control.

Is This Answer Correct ?

7 Yes

0 No

Post New Answer View All Answers

Please Help Members By Posting Answers For Below Questions

purchase orders issued to vendors have been authorized as per the authorization matrix

1093

WHICH OF THE FOLLOWING IS OFTEN AN ADVANTAGE OF USING PROTOTYPING GOR DYDTEM DVELOPMENT

2843