CGEIT Certified in the Governance of Enterprise IT – Question306

An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

A.
Engaging an audit of logical access controls and related security policies
B. Authenticating access to information assets based on roles or business rules
C. Implementing multi-factor authentication controls
D. Granting access to information based on information architecture

Correct Answer: A