A business sector is highly competitive, and safeguarding trade secrets and critical information is paramount.
On a seasonal basis, an organization employs temporary hires and contractor personnel to accomplish its mission objectives.
The temporary and contract personnel require access to network resources only when on the clock.
Which of the following account management practices are the BEST ways to manage these accounts?
Click on the arrows to vote for the correct answer
A. B. C. D. E.A.
The BEST account management practices to manage temporary hires and contractor personnel who require access to network resources only when on the clock are:
A. Employ time-of-day restrictions. D. Employ an account expiration strategy.
Explanation:
A. Employ time-of-day restrictions: Time-of-day restrictions allow an organization to restrict the hours during which temporary hires and contractor personnel can access network resources. This is a useful control as it ensures that access is only granted when required, reducing the risk of unauthorized access. For example, if a temporary hire is only required to work from 9 AM to 5 PM, access to network resources can be restricted outside of these hours. Time-of-day restrictions can be implemented using network access controls such as firewalls or VPNs.
B. Employ password complexity: Password complexity is a good practice to enforce for all users, not just temporary hires and contractors. It involves requiring users to create strong passwords that include a combination of uppercase and lowercase letters, numbers, and special characters. This helps to reduce the risk of password guessing or cracking, which can result in unauthorized access. However, password complexity alone may not be sufficient for managing temporary hires and contractors who require access to network resources only when on the clock.
C. Employ a random key generator strategy: A random key generator strategy involves using a software tool to generate random, complex passwords for each user account. While this approach can provide strong passwords, it can also be difficult for users to remember their passwords, which can lead to increased support requests and frustration for users. This approach may not be practical for managing temporary hires and contractors who require access to network resources only when on the clock.
D. Employ an account expiration strategy: An account expiration strategy involves setting an expiration date for each user account. This ensures that access to network resources is only granted for a specific period, reducing the risk of unauthorized access. For temporary hires and contractor personnel, this can be particularly useful as it allows their accounts to be automatically disabled when they no longer require access to network resources. Account expiration can be configured using various tools, such as Active Directory or identity and access management (IAM) solutions.
E. Employ a password lockout policy: A password lockout policy involves locking a user's account after a certain number of failed login attempts. This can help to prevent brute-force attacks and unauthorized access. However, it may not be practical for managing temporary hires and contractors who require access to network resources only when on the clock. It can also be frustrating for users if they accidentally lock themselves out of their accounts.
In conclusion, the BEST account management practices to manage temporary hires and contractor personnel who require access to network resources only when on the clock are time-of-day restrictions and an account expiration strategy. These controls ensure that access is only granted when required and for a specific period, reducing the risk of unauthorized access.