Isaca Certified in Risk and Information Systems Control CRISC Question # 182 Topic 19 Discussion
An organization practices the principle of least privilege. To ensure access remains appropriate, application owners should be required to review user access rights on a regular basis by obtaining:
A. business purpose documentation and software license counts
B. an access control matrix and approval from the user's manager
C. documentation indicating the intended users of the application
D. security logs to determine the cause of invalid login attempts
The best way to ensure that access remains appropriate for an organization that practices the principle of least privilege is to review user access rights on a regular basis by obtaining an access control matrix and approval from the user's manager.

An access control matrix is a table that shows the access rights and permissions of each user or role for each resource or function. An access control matrix helps to verify that the users have the minimum level of access required to perform their duties, and to identify any unauthorized or excessive access rights. Approval from the user's manager helps to confirm that the user's access rights are consistent with their current role and responsibilities, and to authorize any changes or exceptions as needed.

References: Risk and Information Systems Control Study Manual, 7th Edition, Chapter 3, Section 3.2.2, page 1281