Certified Chief Information Security Officer (CCISO) — Question 132
Your company has a "no right to privacy" notice on all logon screens for your information systems, and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to the email account of one of her employees.
What should you do?
Answer options
- A. Deny the request citing national privacy laws
- B. None
- C. Grant her access; the employee has been adequately warned through the AUP.
- D. Assist her with the request, but only after her supervisor signs off on the action.
- E. Reset the employee's password and give it to the supervisor.
Correct answer: D
Explanation
The correct answer is D because involving the supervisor adds a layer of oversight and accountability to the access request, ensuring that proper protocols are followed. Answer A is incorrect as national privacy laws may not apply here due to the 'no right to privacy' notice. Options C and E are inappropriate as they either bypass necessary oversight or are not in compliance with company policy regarding access. Option B does not provide a course of action.