Which of the following is a recommended separation of duties control in information systems?

Prepare for the Coach CFE Exam. Study using flashcards and multiple-choice questions, each with hints and explanations. Get ready for your assessment!

Multiple Choice

Which of the following is a recommended separation of duties control in information systems?

Explanation:
Separation of duties and least privilege are the ideas behind controlling access to production systems. The goal is to ensure that no single person has both the ability to modify software and access live data, which helps prevent fraud, mistakes, and data breaches.

The recommended approach is that developers should not have access to production data. They work in separate environments for development and testing, while production access is restricted to authorized personnel who handle operations and change management, with proper approvals, monitoring, and audit trails. This creates checks and oversight in how code is deployed and how data is used.

Options that give programmers unsupervised access to production, grant unlimited production data access to IT staff, or give end users unrestricted data access all break the principle of least privilege and undermine safeguards against misuse and exposure.
