Which option demonstrates that an organization is meeting recognized obligations in protecting resources across multiple areas, reducing potential claims of negligence?
Applying least-privilege controls to specialized systems while avoiding the rest of the corporate network
Requiring that all users inspect their own systems for vulnerabilities without providing resources or training
Keeping a minimal log of access attempts that focuses on top executives and ignores lower-level users
Maintaining documented security procedures aligned with recognized external requirements for each area of the environment
Maintaining documented procedures aligned with recognized external requirements shows consistent accountability. This indicates the organization has identified standards it must uphold and is implementing them. Relying on limited logging, requiring users to address vulnerabilities on their own without guidance, or focusing protections on a small portion of systems does not fulfill the broader obligations for security practices.