You work for a company that is growing. Originally, all the users in all departments had access to all the data in the database. It is considered a security risk. What is an appropriate action to reduce the risk?

a. Install and provide stronger anti-virus software on the users' computers

b. Install a two-step login procedure, where the user has to key in additional information for logging in

c. Tweak the firewall parameters so that outgoing traffic can be better controlled

d. Assign roles and privileges to users so that only job-relevant data is accessible to the user.

If there is a permission to access all the data to all the users, then there will be a problem for the department that anyone can able to change the data at any time and this will cause a risk for the department and there is needs only job-relevant data to any employee of the organization for his work, so there is no need to provide all the data for any user. This solution not caused any problem for any employee of the organization.

So it needs to assign roles and privileges to any user of the organization this will not cause security risk for the above problem. But when a user follows another option for his solution then it is not a better solution for the above problem because---

If the user follows the solution of option a, then it is not good because the solution of option a is valid for virus software.
If the user follows the solution of option b, then it is also not good because it justifies the solution of the authentication problem where there is a risk to hack the authentication information.
If the user follows the solution of option c, then it also not justify the right solution because this solution works there, where there is a risk of hacking the data.