A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.
Which of the following should the security team recommend FIRST?
The first recommendation should be to work with procurement and create a requirements document to select a new Identity and Access Management (IAM) system or vendor. The outside auditor has indicated that the homegrown identity management system is not consistent with best practices and leaves the institution vulnerable. This points to a fundamental issue with the existing system that needs to be addressed promptly. Focusing on acquiring a new, more secure IAM system aligns with addressing the core problem. The other options, such as investigating potential threats, updating the current system's access control, or exploring two-factor authentication, are reactive measures that do not solve the underlying security issue indicated by the auditor's report.
If you receive a report that your application has a vulnerability and there is suspicious activity in your logs then your FIRST step would be to investigate the logs to see if you have already been compromised and deal with that issue. THEN you can move on to other steps.
But it doesn't say "And there is suspicious activity"
a report was received.. could be wrong. have to verify
"The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable." where does it say suspicious activity in your logs?
D. Working with procurement and creating a requirements document to select a new IAM system/vendor If the security team at a university has received a report from an outside auditor indicating that the institution's homegrown identity management system is not consistent with best practices and leaves the institution vulnerable, the team should consider replacing the system with a more secure and robust solution. To do this, the security team should work with procurement to create a requirements document that outlines the necessary capabilities and features of a new identity and access management (IAM) system or vendor. This may include researching and evaluating potential solutions, testing and piloting new systems, and negotiating contracts with vendors.
Keyword is homegrown.
Audit doesn't identify threats, they issue findings, so not a.
I initially thought "D", but I've been convinced it's "A"-- when you go to procurement the first question they'll ask is "Why do you need to buy this?" and you'll say "The auditor said there's a potential vulnerability" and they'll say "Well has it ever actually been exploited???" and you'll go "uhh...ummm.. I mean... the auditor just said it's there." and they'll say "That's nice, junior. How about you go tell me what our actual risk level is, or if there's ever been an issue, before daddy gets out his wallet and slips you some cash." Or at least that's what they'll say if you haven't don "A" first.
I don't know where you work, but IRL Procurement is not that smart
Keyword: First D is a long term project, not a solution for immediate response.
This is a trick question, but if you think of it, they received a report from an auditor, thus, they were not able to see the alerts themselves, so there would be no logs to investigate. I did consider the answer A, but D makes more sense.
Answer: D. Working with procurement and creating a requirements document to select a new IAM system/vendor Explanation: The security team should first address the root cause of the problem, which is the homegrown identity management system that is not consistent with best practices in the security field. This leaves the institution vulnerable. Therefore, the first step should be to work with procurement and create a requirements document to select a new Identity and Access Management (IAM) system/vendor. This will ensure that the new system is in line with the best practices in the security field and will reduce the institution's vulnerability. The other options, such as investigating a potential threat, updating the system to use discretionary access control, or researching two-factor authentication, are all important but they are secondary steps that should be taken after addressing the main issue.
A in my opinion is correct If you want all questions you can contact me at <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3d5052515144135a5c4f4958537d52484951525256135e5250">[email protected]</a>
Given the information provided, the FIRST recommendation for the security team should be: D. Working with procurement and creating a requirements document to select a new IAM system/vendor
D About A - Who says there are logs??
A. Investigating a potential threat identified in logs related to the identity management system, as cybersecurity the first thing you do is verify if it is true, then send request to management for approval of budget then to the procurement team.
Given that the outside auditor has reported that the homegrown identity management system is not consistent with best practices and leaves the institution vulnerable, it indicates a fundamental issue with the existing system. In such cases, it's prudent to consider the procurement of a new Identity and Access Management (IAM) system that aligns with industry best practices. Remember that the question does not specify what the problem is, so the only possible answer is D.
bet i can A. Investigating a potential threat identified in logs related to the identity management system before you can D. Working with procurement and creating a requirements document to select a new IAM system/vendor.
the way i read it is a potential threat has been identified in a log file related to the identity management system, so I will investigate the potential immediate threat first and then begin the much longer process of procurement. I am going to focus on the word, first
First off, alot is left unsaid in this question:If the external auditor is from a regulatory body or the government, does it really matter if the security team decide to do the investigation? If they've already found out that the system is not consistent with industry best practice, is there any need to conduct an investigation?My point is, if the outside auditors have found that the system is against best practice,then it does really matter what the security does except to comply to the recommendation for best practice.
It is not A. The auditor found a potentially critical vulnerability. If they went with A there might not be any indicators of a threat. That does not mean the IMS system is not vulnerable. The report will give them enough information of why they need to replace the system.