Sophia, a security analyst, notices that a sensitive folder on a file server was accessed...

The EC-Council Incident Handler (ECIH) curriculum stresses that periodic access reviews are essential for preventing insider threats. When user roles change or projects end, permissions must be reviewed and adjusted according to the Principle of Least Privilege (PoLP).

In this case, the intern retained access privileges beyond the project duration due to lack of periodic auditing. Regular auditing of user access rights ensures that permissions remain aligned with job responsibilities and reduces the risk of privilege misuse.

Option A (data classification) helps identify sensitive data but does not ensure access rights are revoked. Option B (account lockout policies) addresses brute-force login attempts, not permission creep. Option D (surveillance cameras) concerns physical monitoring.

ECIH emphasizes implementing Role-Based Access Control (RBAC), enforcing least privilege, conducting quarterly or periodic access reviews, and maintaining strong identity governance to mitigate insider threats.

Therefore, regular auditing of user access rights would have prevented this issue.