An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager’s BEST course of action?
The information security manager’s best course of action is to present the risk to senior management. While enforcing the policy is important, it is crucial that senior management is aware of the risks associated with users sharing login accounts, so they can understand the potential impact on the organization. Presenting the risk allows senior management to make informed decisions regarding potential changes to policy, operational efficiencies, or additional security measures needed to mitigate the risk.
A. Present the risk to senior management.
A. Present the risk to senior management.