CISM Certified Information Security Manager – Question 1124

To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to:

A. create a separate account for the programmer as a power user.
B. log all of the programmers' activity for review by supervisor.
C. have the programmer sign a letter accepting full responsibility.
D. perform regular audits of the application.

Correct Answer: B

Explanation:
It is not always possible to provide adequate segregation of duties between programming and operations in order to meet certain business requirements. A mitigating control is to record all of the programmers’ actions for later review by their supervisor, which would reduce the likelihood of any inappropriate action on the part of the programmer. Choices A, C and D do not solve the problem.