A security administrator is developing controls for creating audit trails and tracking if a PHI data breach is to occur. The administrator has been given the following requirements: All access must be correlated to a user account. All user accounts must be assigned to a single individual. User access to the PHI data must be recorded. Anomalies in PHI data access must be reported. Logs and records cannot be deleted or modified. Which of the following should the administrator implement to meet the above requirements? (Choose three.)
A) Eliminate shared accounts.
B) Create a standard naming convention for accounts.
C) Implement usage auditing and review.
D) Enable account lockout thresholds.
E) Copy logs in real time to a secured WORM drive.
F) Implement time-of-day restrictions.
G) Perform regular permission audits and reviews.

Question

Quizplus · Accepted Answer

- Eliminate shared accounts (A) ensures that each user has a unique account, meeting the requirement that all access must be correlated to a user account.- Implement usage auditing and review (C) allows for recording user access to PHI data, meeting the requirement that user access to the PHI data must be recorded.- Copy logs in real time to a secured WORM drive (E) ensures that logs and records cannot be deleted or modified, meeting the requirement that logs and records cannot be deleted or modified.

A Security Administrator Is Developing Controls for Creating Audit Trails