B. Governs all other options and it's enforced.
Research suggests:
CISA Review Manual, 27th Edition, page 2301
CISA Review Questions, Answers & Explanations Database - 12 Month Subscription2
but I have no access to this material to confirm.
B. Enforce an internal data access policy: This is directly relevant to controlling access to confidential information. Enforcing an internal data access policy ensures that only authorized personnel have access to sensitive information, based on their role and need-to-know basis. This policy would include mechanisms like access controls, user authentication, and authorization levels, which are essential to safeguard confidential data.
B. Enforce an internal data access policy
Enforcing an internal data access policy is crucial in controlling who can access what information within a business application system. This policy should define the roles and responsibilities of users, specify what data they are allowed to access based on their role, and establish protocols for granting, reviewing, and revoking access rights. Such a policy is central to maintaining the confidentiality of information by ensuring that only authorized individuals have access to sensitive data.
B. Enforce an internal data access policy
Enforcing an internal data access policy is crucial for controlling who has access to confidential information and under what circumstances. This policy should define roles, responsibilities, and permissions for different users or groups within the organization. It should specify what data can be accessed, by whom, and for what purposes. This approach ensures that only authorized personnel have access to sensitive information, reducing the risk of unauthorized retrieval.
Confidential information stored in a business application system is typically protected through the implementation and enforcement of a robust data access policy. This policy outlines who has access to what data under what circumstances, thereby preventing unauthorized retrieval of confidential information.
Segregation of duties is a security control that divides the responsibilities for processing and accessing confidential information among different individuals. This makes it more difficult for unauthorized individuals to gain access to confidential information.
More inclined to go with A. Segregation of Duties is preventative in nature. Access Policy, assuming administrative, would be more deterrent in nature.
Both implementing segregation of duties and enforcing an internal data access policy are appropriate measures to prevent unauthorized retrieval of confidential information stored in a business application system, but implementing segregation of duties is generally considered the more effective control.
I also stand by Answer B: Enforce internal data classification
Single Sign-on does not satisfy the protection of data as it just allows a single point of sign-on with authorization to access applications.