The best recommendation for the auditor to make is D. Line management should regularly review and request modification of access rights. Access rights are the permissions and privileges granted to users to access, view, modify, or delete data or resources on a system or network1. Excessive rights are access rights that are not necessary or appropriate for a user’s role or function, and may pose a risk of unauthorized or inappropriate use of data or resources2. Therefore, it is important to ensure that access rights are alignedwith the principle of least privilege, which means that users should only have the minimum level of access required to perform their duties2.
Line management is responsible for overseeing and supervising the activities and performance of their staff, and ensuring that they comply with the organization’s policies and standards3. Therefore, line management should regularly review and request modification of access rights for their staff, as they are in the best position to:
Understand the roles and functions of their staff, and determine the appropriate level of access rights needed for them to perform their duties effectively and efficiently.
Monitor and evaluate the usage and behavior of their staff, and identify any changes or anomalies that may indicate excessive or inappropriate access rights.
Communicate and collaborate with IT security or system administrators, who are responsible for granting, revoking, or modifying access rights, and request any necessary adjustments or corrections.
Submit