A few months ago, the president of Clearwater National Bank hired you to improve their IT security program. She was concerned that customer information was vulnerable to hackers, and it was up to you to provide the best possible protection from these threats. During your initial audit, you notice that one employee has accessed certain customer records that are outside her job purview. In other words, she has access to information beyond her “need to know basis.”
The audit log shows the following line item …
Debbie Frisco opened record #1432323A – Customer Allen Reardon
Woah! You know both Debbie Frisco and Allen Reardon. You have kids on the same soccer team. You also know that Allen Reardon sold a 2011 Hummer to Debbie just a few months ago. Why is Debbie accessing Allen’s personal bank account?
While you were hired to find vulnerabilities, it’s not your intention to get anyone into trouble, especially someone that you know. Please review the PMI Code of Ethics and Professional Conduct. What does PMI recommend that you do?