Going with C -
Both provisioning and deprovisioning play an important role in securing IT systems and applications, but effective and automated user provisioning should be top of mind for any organization that wants to enhance their security posture.
https://www.okta.com/blog/2020/07/what-is-provisioning-and-deprovisioning/#:~:text=Both%20provisioning%20and%20deprovisioning%20play,to%20enhance%20their%20security%20posture.
B. Deprovisioning.
Deprovisioning, also known as offboarding or deactivation, involves the process of revoking access and privileges for users who are leaving the organization or no longer need access to certain resources. If deprovisioning is not performed correctly or in a timely manner, it can pose significant security risks to an organization.
B) Deprovisioning constitutes the greatest risk if performed incorrectly in the identity management lifecycle.
Deprovisioning refers to revoking access and deleting accounts when someone leaves an organization. If accounts are not properly deprovisioned, it leaves the biggest risk of unauthorized access.
Former employees may still be able to log in and access resources if their accounts remain active. This can enable malicious actions by disgruntled former employees. Even without malicious intent, it exposes sensitive systems and data.
The other stages have less severe risks if done improperly:
A) Propagating refers to syncing identities across systems. Errors here may cause account inconsistencies but not direct unauthorized access.
C) Provisioning done improperly may allow over-entitlement but not by itself open access to former staff.
D) Maintaining refers to managing and updating access. Mistakes can lead to entitlement creep but not the same risks as improper deprovisioning.
C can be a problem, but maybe I have too much access at work, I wouldn't even know it.
B however can be a big issue.
"In OneLogin’s survey, 20 percent of the respondents reported that failure to deprovision employees from corporate applications contributed to a data breach at their organization."
"The impact for companies is huge: an average cost of a breach is $148 per record and $3.867.91 million per breach in the U.S. Breached companies underperform the market for years, and 60 percent of small businesses fold within six months of an attack."
https://www.onelogin.com/blog/deprovisioning-secret
I would go for B. CISSP OSG stated somewhere that an exit of employees goes with great risks (bad exit, etc). I think the risks here are greater than employees who get too much privileges upfront.
The correct answer is C. Provisioning.
Provisioning is the process of creating user accounts and granting access to resources based on job roles or other criteria. This stage involves granting users access to resources they need to perform their duties, and it is where most of the access-related security risks lie. If provisioning is not done correctly, it can lead to users having excessive privileges, which can result in unauthorized access to sensitive information or systems. Therefore, provisioning needs to be carefully managed and monitored to ensure that users have only the necessary access to perform their job duties.
upvoted 3 times
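Several comments above point to accounts that stay active after their owner leaves. The following is an added example, not part of any comment and not code from Okta or OneLogin: a reconciliation check that compares an HR roster with account exports and flags enabled accounts whose owner has left or is unknown to HR. The roster, account records, field names and dates are all constructed for illustration.

```python
from datetime import date

# Constructed HR roster keyed by employee id; terminated=None means still employed.
HR_ROSTER = {
    "e100": {"name": "A. Rivera", "terminated": None},
    "e101": {"name": "B. Chen", "terminated": date(2024, 3, 1)},
    "e102": {"name": "C. Okafor", "terminated": date(2024, 5, 20)},
}

# Constructed account export merged from several systems (field names are assumptions).
ACCOUNTS = [
    {"system": "directory", "user": "arivera", "owner": "e100", "enabled": True, "last_login": date(2024, 6, 1)},
    {"system": "directory", "user": "bchen", "owner": "e101", "enabled": False, "last_login": date(2024, 2, 28)},
    {"system": "vpn", "user": "bchen", "owner": "e101", "enabled": True, "last_login": date(2024, 4, 15)},
    {"system": "crm", "user": "cokafor", "owner": "e102", "enabled": True, "last_login": date(2024, 5, 10)},
    {"system": "crm", "user": "svc-old", "owner": "e999", "enabled": True, "last_login": None},
]

def find_deprovisioning_gaps(roster, accounts, today):
    """Return enabled accounts whose owner has left or is unknown to HR."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned in this system
        owner = roster.get(acct["owner"])
        if owner is None:
            reason, days_late, used_after = "owner_unknown_to_hr", None, False
        elif owner["terminated"] is None or owner["terminated"] > today:
            continue  # current employee, nothing to revoke yet
        else:
            left = owner["terminated"]
            reason, days_late = "owner_terminated", (today - left).days
            used_after = acct["last_login"] is not None and acct["last_login"] > left
        findings.append({
            "system": acct["system"], "user": acct["user"],
            "reason": reason, "days_late": days_late, "used_after_exit": used_after,
        })
    # Accounts used after the exit date come first, then the longest-standing gaps.
    findings.sort(key=lambda f: (not f["used_after_exit"], -(f["days_late"] or 0)))
    return findings

if __name__ == "__main__":
    for finding in find_deprovisioning_gaps(HR_ROSTER, ACCOUNTS, date(2024, 6, 10)):
        print(finding)
```

The check covers every system in the export, so an account disabled in the directory but still enabled on the VPN is reported separately.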