Question 647 - CISA discussion

The answer A is correct because user activity monitoring is the most effective control to mitigate against the risk of inappropriate activity by employees. User activity monitoring (UAM) is the process of tracking and recording the actions and behaviors of users on devices, networks, or applications that belong to an organization. UAM can help to prevent, detect, and respond to insider threats, such as data theft, fraud, sabotage, or misuse of resources. UAM can also help to enforce policies, ensure compliance, and improve productivity and performance.

Some of the benefits of UAM are:

Prevention: UAM can deter employees from engaging in inappropriate activity by making them aware that their actions are monitored and recorded. UAM can also prevent unauthorized access or use of sensitive data or resources by implementing access controls, encryption, or alerts.

Detection: UAM can detect any anomalies, deviations, or violations in user activity by analyzing the data collected from various sources, such as logs, keystrokes, screenshots, or video recordings. UAM can also use artificial intelligence or machine learning to identify patterns, trends, or risks in user behavior.

Response: UAM can respond to any incidents or issues related to user activity by notifying the relevant stakeholders, such as managers, security teams, or auditors. UAM can also provide evidence or proof of user activity for investigation or remediation purposes.

Some examples of UAM tools are:

Teramind: Teramind is a cloud-based UAM platform that offers features such as user behavior analytics, risk scoring, policy enforcement, data loss prevention, and productivity optimization.

Digital Guardian: Digital Guardian is a data protection platform that offers UAM capabilities such as endpoint detection and response, data classification and tagging, and threat hunting and incident response.

XPLG: XPLG is a log management and analysis platform that offers UAM features such as log aggregation and correlation, user behavior profiling and anomaly detection, and real-time alerts and dashboards.

The other options are not as effective as option A. Two-factor authentication (option B) is a security mechanism that requires users to provide two pieces of evidence to verify their identity before accessing a system or resource. Two-factor authentication can enhance the security and privacy of user accounts, but it does not monitor or record the user activity after the authentication. Network segmentation (option C) is a technique that divides a network into smaller subnetworks based on criteria such as function, location, or security level. Network segmentation can improve the performance, security, and manageability of a network by reducing congestion, isolating threats, and enforcing policies. However, network segmentation does not track or record the user activity within each segment of the network. Access recertification (option D) is a process that verifies and validates the access rights of users to systems or resources periodically or on-demand. Access recertification can ensure that users have the appropriate level of access based on their roles and responsibilities, but it does not monitor or record the user activity with the access rights.

[User Activity Monitoring: Examples and Best Practices | SEON]

Top 10 user activity monitoring tools: software features and tracking price - Dashly blog

What is User Activity Monitoring? How It Works, Benefits, Best Practices and More - Digital Guardian

What Is User Activity Monitoring? Learn the What, Why, and How - XPLG