CISM Certified Information Security Manager – Question0497

An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and encourage cross training. Which type of authorization policy would BEST address this practice?

A. Multilevel
B. Role-based
C. Discretionary
D. Attribute-based

Correct Answer: B

Explanation:

A role-based policy will associate data access with the role performed by an individual, thus restricting access to data required to perform the individual’s tasks. Multilevel policies are based on classifications and clearances. Discretionary policies leave access decisions up to information resource managers.