A company's primary security measure for their sensitive server room is a biometric access control system. Due to a recent natural disaster, the biometric system is temporarily unavailable. Which of the following would be the BEST compensating control to implement immediately to ensure that only authorized personnel can access the server room while maintaining a similar level of security?
Implement a sign-in/out log that is monitored by a security guard.
Set up a temporary key code lock on the server room door.
CCTV
Replace the biometric system with a standard key lock.
Disable access to the server room until the system is repaired.
A sign-in/out log with a security guard would be the best compensating control because it would provide a record of all individuals accessing the server room and could be carefully monitored. While it's not as secure as biometric controls, it is a reasonable temporary measure that also ensures human oversight. Using a key code might still be secure but it doesn't provide an audit trail of who actually enters, as codes can be shared. CCTV is a deterrent and provides a record but does not control access. A standard key lock might be easy to implement but it is less secure than biometrics. A notice is simply a warning and does nothing to secure the area.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is a sign-in/out log with a security guard considered a good temporary compensating control?
Open an interactive chat with Bash
Why is CCTV not an appropriate immediate compensating control for access control?
Open an interactive chat with Bash
How does a biometric system improve security compared to compensating controls like a security guard or key lock?