Mandatory vacation and job rotation are implemented in your company to detect and prevent corruption. As a security professional, which of the following will you suggest with priority?
A. Conduct user entitlement review periodically
B. Isolate employees from enterprise networks when an audit is undergoing on their mandatory vacation
C. Provide training and certification courses upon rotation to ensure the new job can be done effectively
D. Require immediate password change when an employee rotates to a new position
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Conduct user entitlement review periodically.
Job rotation may cause previlige creeping. User entitlement reviews can detect this issue so that the company can take corrective actions.
Conducting audits on mandatory vacations helps but it’s not frequent enough to detect potential issues. It’s one of the feasible audit practices to isolate employees from enterprise networks when an audit is undergoing on their mandatory vacation, but it’s not mandatory.
Training should be delivered before job rotation so that employees are qualified and competent for the new job position. It’s too late to do so upon or after rotation.