Certified in Risk and Information Systems Control (CRISC) — Question 1366
What should be the immediate action upon discovery that users of a critical finance application have potentially excessive privileges?
Answer options
- A. Recommend compensating controls be implemented.
- B. Request the service owner to perform an entitlement review.
- C. Review system logs for potentially malicious behavior.
- D. Inform the risk owner so access can be removed.
Correct answer: B
Explanation
The correct action is to request the service owner to perform an entitlement review, as this will help assess the privileges users have and determine whether they are appropriate. While informing the risk owner is important, it should follow the review process to ensure informed decision-making. Reviewing system logs is reactive rather than proactive in this scenario, and implementing compensating controls does not address the immediate issue of excessive privileges.