Scenario: An organization's database contains highly confidential employee data. Access control testing reveals that unauthorized employees can view this data. What access control measure should be implemented to address this issue?

  • Enforce Principle of Least Privilege
  • Implement Access Control Lists (ACLs)
  • Implement Intrusion Detection Systems (IDS)
  • Use Encryption for Data-at-Rest

The correct access control measure to address this issue is to enforce the Principle of Least Privilege (PoLP). PoLP ensures that each user, system, or process has the minimum level of access necessary to perform their tasks. By enforcing PoLP, unauthorized employees would not have access to highly confidential employee data unless explicitly granted permission. Implementing Access Control Lists (ACLs) might help restrict access but may not enforce the principle of least privilege as effectively. Using encryption for data-at-rest and implementing intrusion detection systems are important security measures but may not directly address the access control issue.