Certified Chief Information Security Officer (CCISO) — Question 118
Which represents PROPER separation of duties in the corporate environment?
Answer options
- A. Information Security and Network teams perform two distinct functions
- B. Information Security and Identity Access Management teams perform two distinct functions
- C. Finance has access to Human Resources data
- D. Developers and Network teams both have admin rights on servers
Correct answer: B
Explanation
The correct answer, B, illustrates proper separation of duties because it ensures that different teams handle distinct responsibilities, minimizing the risk of conflicts of interest. Option A also describes distinct functions, but it does not address the critical aspect of access control as effectively as B. Options C and D violate the principle of separation of duties because they grant inappropriate access that could lead to security breaches.