Certified Information Systems Auditor (CISA) — Question 467
In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to "never expire." Which of the following recommendations would BEST address the risk with minimal disruption to the business?
Answer options
- A. Schedule downtime to implement password changes.
- B. Introduce database access monitoring into the environment.
- C. Modify the access management policy to make allowances for application accounts.
- D. Modify applications to no longer require direct access to the database.
Correct answer: B
Explanation
The correct answer is B: introducing database access monitoring allows potentially unauthorized access to be detected without disrupting operations. Options A and D could lead to significant downtime or changes in application architecture, both of which are disruptive. Option C may not sufficiently mitigate the risk associated with accounts whose passwords never expire.