Question
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to:

A. change the company's security policy.
B. educate users about the risk of weak passwords.
C. build in validations to prevent this during user creation and password change.
D. require a periodic review of matching user ID and passwords for detection and correction.

Answers

Answer: C

The compromise of the password is the highest risk. The best control is a preventive control through validation at the time the password is created or changed. Changing the company's security policy and educating users about the risk of weak passwords only provide information to users, but do little to enforce this control. Requiring a periodic review of matching user IDs and passwords for detection and ensuring correction is a detective control.



