An organization has the following written policies:
– Users must request approval for non-standard software installation.
– Administrators will perform all software installations.
– Software must be installed from a trusted repository.
A recent security audit identified crypto-currency software installed on one user’s machine. There are no indications of compromise on this machine.
Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?
A . The user’s machine was infected with malware; implement the organization’s incident response
B . The user installed the software on the machine; implement technical controls to enforce the written policies
C . The crypto-currency software was misidentified and is authorized; add the software to the organization’s approved list
D . Administrators downloaded the software from an untrusted repository; add a policy that requires integrity checking for all software.
Answer: B