Exam CISA
Question 143

In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to "never expire." Which of the following recommendations would BEST address the risk with minimal disruption to the business?

    Correct Answer: C

    In a 24/7 processing environment, ensuring minimal disruption to business operations while managing security risks is crucial. Privileged application accounts with passwords set to 'never expire' present a significant risk. Modifying the access management policy to make allowances for application accounts can help address this risk effectively. This approach involves creating specific guidelines or controls tailored to these accounts, allowing for the enforcement of security measures such as periodic password changes or enhanced security protocols without causing downtime or operational interruptions.

Discussion
Changwha Option: C

C. Modify the access management policy to make allowances for application accounts.

Tef_corp Option: D

BEST Solution: This approach minimizes disruption and directly addresses the risk. Benefits: Applications no longer directly access the database. Privileged accounts can be managed separately, enforcing password policies. Improved security posture without impacting business continuity.

3008 Option: B

B is the answer

Swallows Option: C

In a 24/7 processing environment, where continuous operation is critical for business operations, changing passwords that are set to "never expire" might lead to disruptions or downtime if not managed carefully. Modifying the access management policy to make allowances for application accounts can involve implementing compensating controls or alternative security measures to mitigate the risk associated with passwords that do not expire while ensuring continuous operation. Option B, introducing database access monitoring into the environment, is a valuable security measure, but it may not directly address the risk posed by privileged application accounts with passwords set to "never expire." Access monitoring can help detect and respond to unauthorized access attempts or suspicious activities, but it doesn't inherently address the issue of passwords not expiring.

a84n Option: C

Option C specifically targets the root cause of the risk by establishing guidelines or controls tailored to address the unique requirements of privileged application accounts. This approach allows organizations to enforce password management practices, such as periodic password changes or enhanced security measures, without disrupting business operations or requiring immediate downtime.

echo_cert Option: C

C - correct answer