An IS auditor finds a segregation of duties issue in an enterprise resource planning (ERP) system. Which of the following is the BEST way to prevent the misconfiguration from recurring?
The best way to prevent the recurrence of segregation of duties issues in an ERP system is to implement a role-based access control (RBAC) model. In a role-based model, users are assigned roles based on their job functions, and each role is associated with specific access rights and permissions. This helps in preventing conflicts of duties by ensuring that individuals only have access to the resources necessary for their specific roles.
D: Granting user access using a role-based model.
Granting user access using a role-based model: This is the best approach because it involves designing access control based on roles and responsibilities within the organization. A well-designed role-based model should inherently address segregation of duties issues by defining roles that have specific access permissions that align with job functions. By implementing a role-based access control system, you can prevent users from having conflicting permissions, reducing the risk of segregation of duties issues from occurring in the first place.
So, option D is the most proactive and effective way to prevent the misconfiguration from recurring.
saado9 (Highly Voted), 1 year, 3 months ago
FAGFUR (Most Recent), 7 months, 4 weeks ago
SuperMax, 9 months, 1 week ago
hoho, 1 year, 1 month ago
BabaP, 1 year, 2 months ago