Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 97

Which of the following controls would be the most effective in preventing the disclosure of an organization's confidential electronic information?

Answer options

• A. Non-disclosure agreements between the firm and its employees.
• B. Logs of user activity within the information system.
• C. Two-factor authentication for access into the information system.
• D. Limited access to information, based on employee duties.

Correct answer: D

Explanation

Limited access to information based on employee duties ensures that only those who need specific data for their job can access it, effectively minimizing the risk of accidental or intentional disclosure. Non-disclosure agreements are helpful but rely on trust, while logs and two-factor authentication do not directly prevent access to sensitive information.