CISM Certified Information Security Manager – Question1100

In business critical applications, where shared access to elevated privileges by a small group is necessary, the BEST approach to implement adequate segregation of duties is to:

A. ensure access to individual functions can be granted to individual users only.
B. implement role-based access control in the application.
C. enforce manual procedures ensuring separation of conflicting duties.
D. create service accounts that can only be used by authorized team members.

Correct Answer: B

Explanation:

Role-based access control is the best way to implement appropriate segregation of duties. Roles have to be defined only once; a user can then be moved from one role to another without redefining the content of the role each time. Access to individual functions will not ensure appropriate segregation of duties. Giving a user access to all functions and implementing, in parallel, a manual procedure to ensure segregation of duties is not an effective method, and would be difficult to enforce and monitor. Creating service accounts that can be used by authorized team members would not provide any help unless the roles of those members are properly segregated.