A business area received an audit finding because an administrator made unapproved emergency changes to a critical system. Which of the following would BEST prevent unapproved changes in the future?
A business area received an audit finding because an administrator made unapproved emergency changes to a critical system. Which of the following would BEST prevent unapproved changes in the future?
Dual-control temporary emergency access accounts are the best option to prevent unapproved changes in the future. This method requires two individuals to authorize and execute changes, which significantly increases control and reduces the risk of unauthorized changes. It acts as a preventive measure rather than just procedural guidance.
Dual-control accounts require two individuals to authorize and execute changes, which significantly reduces the risk of unapproved changes.
To most effectively prevent unauthorized emergency changes, B. Updating emergency change management procedures is the best option. The reason is that clearly defining procedures and reinforcing the necessary approval processes will encourage managers to follow proper procedures when making changes. This will reduce the risk of unauthorized changes occurring in the future. D. "Dual-control temporary emergency access accounts" is also effective, but a review of fundamental procedures should be prioritized.