During an audit of the company's security governance, it is noted that there is no formal process for adding and removing user access when employees join or leave the company. As a security professional, which of the following would BEST address this deficiency?
Revise the User Access Policy.
Implement an Onboarding/Offboarding procedure.
Implement a Written Consent Framework for access to sensitive information.
Enforce multi-factor authentication (MFA) for all users.
An Onboarding/Offboarding procedure ensures that new employees are granted the appropriate access to perform their duties and that access is revoked in a timely manner to minimize potential security risks when employees leave. Documented procedures help maintain consistent and secure handling of access to systems and data, reducing the risk of unauthorized access due to outdated accounts. While having a User Access Policy and Written Consent Framework are important, they do not specifically address the procedural operations for adding and removing access as directly as an Onboarding/Offboarding procedure does.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the key elements that should be included in an Onboarding/Offboarding procedure?
Open an interactive chat with Bash
How does an Onboarding/Offboarding procedure reduce security risks?
Open an interactive chat with Bash
What are the potential consequences of not having an Onboarding/Offboarding procedure?