Certified in the Governance of Enterprise IT (CGEIT) — Question 347

An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

Answer options

• A. Engaging an audit of logical access controls and related security policies
• B. Authenticating access to information assets based on roles or business rules
• C. Implementing multi-factor authentication controls
• D. Granting access to information based on information architecture

Correct answer: A

Explanation

Engaging an audit of logical access controls and related security policies is essential because it allows the organization to identify gaps in compliance and ownership of access controls. The other options, while important for securing access, do not directly address the ownership and management deficiencies that led to the penalties.