A large enterprise recently experienced a data breach due to an insider threat. The IT governance committee is reviewing the incident and considering measures to prevent recurrence. Which of the following is the BEST course of action to address the root cause?
- A (correct answer)
Implement a privileged access management (PAM) solution to control and monitor elevated access.
Why correct: PAM directly prevents and controls unauthorized privileged access, addressing the root cause.
- B
Increase logging and auditing of all user activities.
Why wrong: Logging alone does not prevent a breach; it only helps detection.
- C
Deploy a security information and event management (SIEM) tool.
Why wrong: SIEM is a detective control, not preventive.
- D
Terminate the employment of the insider who caused the breach.
Why wrong: Termination is a reactive measure after the breach, not preventive.