Why Option D is Correct?

Logical access controls are security measures that restrict electronic access to systems, applications, and data based on user roles and permissions. These controls ensure that only authorized personnel have access to specific functions or information.
Logical access controls enforce role-based access management, ensuring users only have permissions aligned with their job functions.
Proper role definitions help prevent fraud and unauthorized access by enforcing segregation of duties (SoD).
The IIA’s GTAG 4 – Management of IT Auditing highlights logical access as a core security control that supports SoD.

Explanation of the Other Options:

A. Require complex passwords to be established and changed quarterly. → Incorrect. While strong passwords are an access control measure, they are not a comprehensive logical access control (they are part of authentication mechanisms).
B. Require swipe cards to control entry into secure data centers. → Incorrect. Swipe card access is a physical access control, not a logical access control.
C. Monitor access to the data center with closed-circuit camera surveillance. → Incorrect. CCTV surveillance is also a physical security control, not a logical access control.

IIA References & Best Practices:

IIA GTAG 4 – Management of IT Auditing emphasizes that logical access controls should be role-based and support segregation of duties.
IIA Standard 2110 – Governance states that organizations should maintain appropriate access controls to protect sensitive information.
NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems) identifies logical access control as a fundamental cybersecurity measure.

Thus, the correct answer is D. Maintain current role definitions to ensure appropriate segregation of duties.