Authorization controls ensure that users have appropriate access levels based on their roles and responsibilities. The primary concern arises when all users have uniform access, as it violates the principle of least privilege (PoLP) and increases the risk of unauthorized access and data breaches.
Analysis of Answer Choices:
(A) Users can only see certain screens in the system.
Incorrect. This is a good security practice, as it limits user access based on job roles, preventing unauthorized access to sensitive information.
(B) Users are making frequent password change requests.
Incorrect. Frequent password resets might indicate poor password management but are not directly related to authorization controls.
(C) Users input incorrect passwords and get denied system access.
Incorrect. This indicates authentication issues, not an authorization control concern. If users are denied access due to incorrect passwords, the system’s authentication mechanisms are working correctly.
(D) Users are all permitted uniform access to the system. ✅
Correct. Authorization should be role-based, meaning different users should have different levels of access depending on their responsibilities. Uniform access violates security best practices and increases the risk of fraud, data misuse, and compliance violations.
IIA References:
IIA GTAG "Identity and Access Management" emphasizes that authorization controls should be based on job functions to prevent unnecessary exposure to sensitive data.
IIA Standard 2120 – Risk Management highlights the importance of access control policies to mitigate cybersecurity risks.
IIA GTAG – "Identity and Access Management"
IIA Standard 2120 – Risk Management
COBIT Framework – Access Control and Identity Management
Thus, the correct answer is D, as uniform access across all users is a major security concern in authorization control.