During a penetration test of a financial services company, a tester discovered that junior analysts in the marketing department have read-access to sensitive client financial records. This issue of excessive permissions is widespread across multiple departments. Which of the following administrative controls would be the MOST effective long-term remediation for this finding?
Deploy multifactor authentication for all network share access.
Increase the frequency of mandatory password rotations for all employees.
Create segmented network shares and use shared department accounts for access.
Implement role-based access control (RBAC) to align permissions with job functions.
Implementing role-based access control (RBAC) is the most effective long-term solution because it aligns user permissions directly with their specific job functions, enforcing the principle of least privilege. This approach systematically addresses the root cause of excessive permissions and prevents 'privilege creep' by ensuring employees can only access data necessary for their roles. While MFA is a critical authentication control, it does not address the underlying authorization problem of excessive permissions. Periodic password changes are a basic security hygiene practice but do not correct flawed access rights. Using shared accounts would worsen the problem by eliminating individual accountability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to match permissions to user duties?
Open an interactive chat with Bash
What is privilege creep, and why is it a risk?
Open an interactive chat with Bash
How can organizations prevent recurring permission misconfigurations?