CRISC Certified in Risk and Information Systems Control – Question413

Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

A.
Implement segregation of duties
B. Enforce an internal data access policy
C. Enforce the use of digital signatures
D. Apply single sign-on for access control

Correct Answer: D