An information security consultant is asked to make recommendations for a small business to protect the access to information, stored on network drives. The small business supports several government agencies that manage highly sensitive information. Which of the following recommendations is BEST to achieve this objective?
For a small business supporting several government agencies that manage highly sensitive information, the best recommendation to protect access to information stored on network drives is to develop and implement access management policies and procedures. Access management policies and procedures are essential for defining and controlling who has access to what information and under what circumstances. They are crucial for preventing unauthorized access by ensuring that access is granted on a need-to-know basis, utilizing mechanisms such as password policies, multi-factor authentication, and role-based access controls. This foundational step addresses not only the prevention of unauthorized access but also establishes a systematic approach to managing and securing sensitive information.
Out of the given options, the recommendation that is best for protecting the access to information stored on network drives in a small business that supports several government agencies managing highly sensitive information is to develop and implement access management policies and procedures (Option B). Access management policies and procedures are a critical component of information security, and they help to ensure that only authorized individuals are able to access sensitive information. By developing and implementing access management policies and procedures, the small business can control who has access to sensitive information, and can ensure that access is only granted on a need-to-know basis. This can include measures such as password policies, multi-factor authentication, and role-based access controls.
Good luck everyone for the Exam too
Good luck everyone for the Exam =D!
B. Develop and implement access management policies and procedures. While all of the options may contribute to protecting access to information stored on network drives, developing and implementing access management policies and procedures is the BEST recommendation for achieving the objective. Access management policies and procedures define who has access to what information and under what circumstances, and they can help prevent unauthorized access or use of sensitive information. Developing and implementing a security information and event monitoring system, a security operations center (SOC), or data center access policies and procedures are also important measures, but they are more focused on monitoring and responding to security incidents rather than preventing them. Therefore, these measures can be considered as complementary to access management policies and procedures.
B is correct
B. Develop and implement access management policies and procedures. To protect access to sensitive information stored on network drives, the best approach is to develop and implement access management policies and procedures. This involves defining who has access to what resources, setting up proper authentication and authorization mechanisms, and enforcing access controls. Access management policies and procedures ensure that only authorized individuals can access the sensitive information, reducing the risk of data breaches or unauthorized access.
Finished all questions, lets gooooo. Got my exam tomorrow!
Definitely go with B, Access management Policies and Procedure, even for migration to cloud, you implement access management policies to secure the data in storage account.