最近、必要な管理者の承認を得ずに複数のネットワーク ユーザー アカウントが作成されました。この状況に対処するためにリスク担当者が推奨する最善の策は次のどれでしょうか。
正解:C
Several network user accounts were recently created without the required management approvals. This indicates that there is a risk of unauthorized access, use, disclosure, modification, or destruction of the network resources or data, which may affect the confidentiality, integrity, and availability of the network.
The best recommendation to address this situation is to investigate the root cause of noncompliance. This means that the risk practitioner should analyze the factors or reasons that led to the creation of the network user accounts without the required management approvals, such as human error, negligence, malice, system failure, process flaw, etc.
Investigating the root cause of noncompliance helps to identify and correct the source of the problem, prevent or reduce the recurrence of the problem, and improve the compliance and security of the network user accounts.
The other options are not the best recommendations to address this situation. They are either secondary or not effective for noncompliance.
The references for this answer are:
Risk IT Framework, page 31
Information Technology & Security, page 25
Risk Scenarios Starter Pack, page 23