According to IIA guidance on IT, which of the following strategies would provide the most effective access control over an automated point-of-sale system?
Access control is about ensuring that only authorized individuals can access specific data, based on their role and necessity. The Principle of Least Privilege (PoLP) dictates that users should only have access to the data they need for their job.

Why Setting Data Availability by User Need is the Best Strategy?
Minimizes Unauthorized Access Risks – Prevents employees from accessing sensitive data unnecessarily.
Supports Segregation of Duties (SoD) – Critical in preventing fraud and security breaches.
Enhances Compliance – Meets regulatory requirements like GDPR, PCI DSS, and SOX, which demand strict access controls.
Strengthens System Security – Reduces potential damage from malware, insider threats, or data breaches.

Why Not the Other Options?
A. Install and update anti-virus software – Important for cybersecurity but does not directly control user access.
B. Implement data encryption techniques – Protects stored or transmitted data but does not define access rights.
D. Upgrade firewall configuration – Controls network traffic, not user-specific access within an automated system.

IIA References:
IIA’s GTAG on Access Management and Controls – Recommends setting data access based on user needs to prevent fraud and misuse.
COBIT 2019 (Governance and Management of Enterprise IT) – Advocates for role-based access controls.
ISO 27001 Annex A.9 (Access Control) – Stresses the importance of restricting access based on business requirements.

✅ Final Answer: C. Set data availability by user need.
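As an added example (not from the page or from IIA guidance), here is the "data availability by user need" strategy expressed in code: a small role-based model for a point-of-sale system in which each role holds only the permissions its job requires, with a segregation-of-duties audit that flags any user whose combined roles grant a conflicting pair. All role, permission and user names are constructed sample data.

```python
"""Role-based access control (RBAC) for a point-of-sale system with a
least-privilege permission check and a segregation-of-duties (SoD) audit.
Roles, permissions and user assignments below are constructed examples."""

# Each role lists only the permissions its job needs (least privilege).
ROLE_PERMISSIONS = {
    "cashier": {"ring_sale", "print_receipt"},
    "supervisor": {"void_sale", "approve_refund"},
    "store_manager": {"view_sales_reports", "approve_refund", "close_register"},
    "auditor": {"view_sales_reports", "view_audit_log"},
}

# Permission pairs one person must never hold together (SoD conflicts).
SOD_CONFLICTS = {
    frozenset({"ring_sale", "approve_refund"}),   # sell and approve own refund
    frozenset({"void_sale", "close_register"}),   # void sales and reconcile till
}

# Constructed user-to-role assignments; carol accumulated two roles.
USER_ROLES = {
    "alice": {"cashier"},
    "bob": {"supervisor"},
    "carol": {"store_manager", "cashier"},   # combined roles break SoD
    "dave": {"auditor"},
}

def effective_permissions(user):
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS[role]
    return perms

def is_allowed(user, permission):
    """Access decision: deny by default, allow only if a role grants it."""
    return permission in effective_permissions(user)

def sod_violations(user):
    """Conflicting permission pairs the user actually holds, sorted."""
    perms = effective_permissions(user)
    return sorted(tuple(sorted(pair)) for pair in SOD_CONFLICTS if pair <= perms)

def audit_all_users():
    """Report every user with at least one SoD violation (an auditor's view)."""
    report = {}
    for user in USER_ROLES:
        violations = sod_violations(user)
        if violations:
            report[user] = violations
    return report
```

Running `audit_all_users()` on the sample data reports only carol, whose cashier and store-manager roles together grant both ringing sales and approving refunds.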