Certified Information Systems Auditor (CISA) — Question 434

An accounting department uses a spreadsheet to calculate sensitive financial transactions. Which of the following is the MOST important control for maintaining the security of data in the spreadsheet?

Answer options

• A. A separate copy of the spreadsheet is routinely backed up.
• B. Access to the spreadsheet is given only to those who require access.
• C. There is a reconciliation process between the spreadsheet and the finance system.
• D. The spreadsheet is locked down to avoid inadvertent changes.

Correct answer: B

Explanation

The most crucial control for securing sensitive data in the spreadsheet is restricting access to only those who need it, as this minimizes the risk of unauthorized access and potential data breaches. While backups, reconciliation processes, and locking down the spreadsheet are important, they do not directly prevent unauthorized users from accessing or manipulating the sensitive data.