The scenario describes a security breach where an employee’s smart card access was not updated after relocation. The best way to prevent such incidents is to regularly review access logs to detect and revoke outdated permissions.
Timely Detection of Unauthorized Access:
Regular log reviews allow security teams to identify anomalies, such as an employee accessing a location where they no longer work.
Access Control Auditing:
Periodic reviews help update access rights, ensuring that only authorized personnel have access to specific areas.
Compliance with Security Standards:
IIA Standard 2110 - Governance emphasizes ensuring security measures are effective.
ISO 27001 - Access Control Policies recommends regular access reviews to prevent unauthorized access.
B. Two-level authentication:
While multi-factor authentication enhances security, it would not remove outdated access rights from the system.
C. Photos on smart cards:
A photo helps in identity verification, but it does not prevent unauthorized access if the card remains active.
D. Restriction of access hours:
Limiting access times would not stop an unauthorized user from entering during valid hours.
IIA Standard 2110 - Governance: Internal auditors must assess IT and physical security controls.
IIA Standard 2120 - Risk Management: Ensures risks associated with unauthorized access are managed.
COBIT Framework - Identity and Access Management: Recommends reviewing user access logs for anomalies.
Key Reasons Why Option A is Correct:Why Other Options Are Incorrect:IIA References:Thus, the correct answer is A. Regular review of logs.
