An IS auditor finds a segregation of duties issue in an enterprise resource planning (ERP) system. Which of the following is the BEST way to prevent the misconfiguration from recurring?
A. Monitoring access rights on a regular basis
B. Referencing a standard user-access matrix
C. Correcting the segregation of duties conflicts
D. Granting user access using a role-based model (Most Voted)
The best way to prevent the recurrence of segregation of duties issues in an ERP system is to implement a role-based access control (RBAC) model. In a role-based model, users are assigned roles based on their job functions, and each role is associated with specific access rights and permissions. This helps in preventing conflicts of duties by ensuring that individuals only have access to the resources necessary for their specific roles.
D: Granting user access using a role-based model.
Granting user access using a role-based model: This is the best approach because it involves designing access control based on roles and responsibilities within the organization. A well-designed role-based model should inherently address segregation of duties issues by defining roles that have specific access permissions that align with job functions. By implementing a role-based access control system, you can prevent users from having conflicting permissions, reducing the risk of segregation of duties issues from occurring in the first place.
So, option D is the most proactive and effective way to prevent the misconfiguration from recurring.
saado9 (Highly Voted), 11 months, 3 weeks ago
FAGFUR (Most Recent), 4 months ago
SuperMax, 5 months, 2 weeks ago
hoho, 9 months, 1 week ago
BabaP, 10 months, 1 week ago