Which of the following is the HIGHEST risk of a policy that inadequately defines data and system ownership?
A . User management coordination does not exist
B . Audit recommendations may not be implemented
C . Users may have unauthorized access to originate, modify or delete data
D . Specific user accountability cannot be established
Answer: C
Explanation:
There is an increased risk without a policy defining who has the responsibility for granting access to specific data or systems, as one could gain system access without a justified business needs. There is better chance that business objectives will be properly supported when there is appropriate ownership.
Incorrect Answers:
A, B, D: These risks are not such significant as compared to unauthorized access.
Leave a Reply