Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

Posted by: Pdfprep Category: CISM Tags: , ,

Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
A . User management coordination does not exist.
B . Specific user accountability cannot be established.
C . Unauthorized users may have access to originate, modify or delete data.
D . Audit recommendations may not be implemented.

Answer: C

Explanation:

Without a policy defining who has the responsibility for granting access to specific systems, there is an increased risk that one could gain (be given) system access when they should not have authorization. By assigning authority to grant access to specific users, there is a better chance that business objectives will be properly supported.

Leave a Reply

Your email address will not be published.