Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


To reduce risk associated with administrative access while allowing staff to cover for one another, which policy should the CISO implement?

  1. Require role-based security on primary roles

  2. Allow blanket access to all systems for all staff

  3. Issue temporary access codes for absent staff

  4. Conduct regular training on access management

The correct answer is: Require role-based security on primary roles

Implementing role-based security on primary roles is essential for reducing risk associated with administrative access while still allowing for staff coverage. This approach ensures that access privileges are assigned based on the specific roles and responsibilities within the organization. By defining roles clearly, the CISO can ensure that staff have the minimum access necessary to perform their job functions effectively, thus minimizing the risk of unauthorized access or unintentional data breaches.

Moreover, role-based security helps in maintaining accountability, as it becomes clear which individuals have access to which systems. This segregation of duties is important in a security context, as it prevents individuals from having more access than needed, especially in an environment where staff may need to cover for one another during absences. This method allows for controlled access that balances operational flexibility with security requirements.

In contrast, allowing blanket access to all systems for all staff would significantly increase security risks, making it difficult to track and manage sensitive information. Issuing temporary access codes for absent staff could introduce vulnerabilities if not managed properly, as codes might be misused or fall into the wrong hands. Regular training on access management is valuable but does not directly mitigate the risks associated with administrative access; it primarily serves to inform and educate staff on the existing policies and procedures.