Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

After a recent security breach, it was discovered that a developer had promoted

ID: 3741797 • Letter: A

Question

After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfox to resolve a user navigatio allowing inappropriate access to sensitive data and reports. Which of the following could have prevented this code from being released into the n issue that was causing issues for several customers. The code had inadvertently granted administrative privileges to all users, production environment? oA Cross training OB O c Succession planning Automated reporting OD Separation of dutiers

Explanation / Answer

All of these options given contains a very good amount of ratio in playing an important role in preventing a security breach and hence it makes the answer little context dependent.

Let me first explain to you the role of all these terms in security and then I will give you the answer.

Starting from

Cross training

It is good for managing, because it provides more flexibility in managing the workforce to get the job done, and it helps employees to learn new skills.
The need for cross-training can be plenty and may take a bit more time to identify.

If a company is always assigning a certain task to a single individual specialized in a particular area will bring a point of failure.
Now in the case given in the question, the coder did a mistake and there was no one to cross verify it which results in a security breach.

ow lets understand the other term which is

Successive planning

It is an important way to identify employees who have the skills or a potential to develop skills.
As in our case of security, it is very important.

SEE planning something before an event occurs gives you an edge that helps you in case something unexpected occur you can minimize the damage.
In the question asked it is mentioned that what could have been done to prevent the breach but in case of successive planning they may have planned a way
to tackle the situation if any problem occurs but this method doesn't guarantee you that no breach will happen.
So option 2 is not the answer.

The 3rd option is

Automated reporting

It is key to stopping breaches.
Automating systems that regularly check the password settings, server and firewall configuration might bring about the reduction of risk in the sensitive information.
It is a very effective way of preventing security breaches when combined with quality monitoring tools and applications together it creates a system which is very effective
in terms of performance and also reduces human errors by a huge percent or you can say even completely.

Taking account of the situation mentioned in the question the coder was modifying the code debugging it and doing what not which is definitely a tedious job.
In case of automated reporting, the manual task could have been converted into automated workflows which can be done easily and effectively and can be checked if any error is left or not.

Automated reporting enables much faster determination of whether an incident was a false positive or not.
In case of automated reporting, the update and the modified data would be delivered at specific intervals and in this way while the process or debbuging is going on the reported code could be verified.


let me explain the last option which is

Separation of duties

It is a key concept of internal controls.
It is very much similar to the first part as it says that no person alone should act on any issue.
Any company should not combine roles as in the case in the question the coder had made a mistake in his specialized domain which was his duty.
The main job of Separation of duties is to ensure that no individual have conflicting responsibilities.

It was not the job of a coder to look for the security of the system and hence that should have monitored the issue before releasing it globally.

D.SOD is the answer

But some may say that automated reporting is equally important as I said it is totally context dependents

I hope my explanation will make your doubt clear.

Related Questions

After a heavy storm, the waste water holding tanks at a waste water treatment pl
Question #321484
After a heavy storm, the waste water holding tanks at a waste water treatment pl
Question #321509
After a huge success selling our flower packs to local shops we’ve acquired enou
Question #3835005
After a huge success selling our flower packs to local shops we’ve acquired enou
Question #3835006
After a huge success selling our flower packs to local shops we’ve acquired enou
Question #3854410
After a lab experiement, you need to neutralize 13.22 grams of barium hydroxide
Question #1089823
After a large scale earthquake it is predicted that 30% of all buildings have be
Question #3127106
After a laser bean passes through two thin parallel slits, thefirst completely d
Question #1758384
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
After a recent murder took place, a DNA sample was collected at the scene. The s
Next
After a rockslide, three large boulders of mass m1 = 5.00 Times 102 kg, m2 = 7.0

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.