ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to authenticate the incoming ODBC connection, and the application requires that the connection have read/write permissions. In order to further secure the data, a nonstandard configuration would need to be implemented. The information in the database is not sensitive, but was not readily accessible prior to the implementation of the ODBC connection. Which of the following actions should be taken by the security analyst?
A. Accept the risk in order to keep the system within the company’s standard security configuration.
B. Explain the risks to the data owner and aid in the decision to accept the risk versus choosing a nonstandard solution.
C. Secure the data despite the need to use a security control or solution that is not within company standards.
D. Do not allow the connection to be made to avoid unnecessary risk and avoid deviating from the standard security configuration.
Answer: B