Which of the following should the security team recommend FIRST?

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?
A . Investigating a potential threat identified in logs related to the identity management system
B . Updating the identity management system to use discretionary access control
C . Beginning research on two-factor authentication to later introduce into the identity management system
D . Working with procurement and creating a requirements document to select a new IAM system/vendor

View Answer

Answer: D

Explanation:

This is because the homegrown identity management system is not consistent with best practices and leaves the institution vulnerable, which means it needs to be replaced with a more secure and reliable solution. A new IAM system/vendor should be able to provide features such as role-based access control, two-factor authentication, auditing, and compliance that can enhance the security and efficiency of the identity management process. A requirements document can help define the scope, objectives, and criteria for selecting a suitable IAM system/vendor that meets the needs of the institution.