Certified Information Systems Auditor (CISA) — Question 770
When protecting the confidentiality of information assets, the MOST effective control practice is the:
Answer options
- A. awareness training of personnel on regulatory requirements.
- B. enforcement of a need-to-know access control philosophy.
- C. utilization of a dual-factor authentication mechanism.
- D. configuration of read-only access to all users.
Correct answer: B
Explanation
The correct answer, B, is need-to-know access control: each user is granted access only to the information required for their role, which directly limits who can view sensitive data and is therefore the most effective confidentiality control. Options A and C, while important, address training and authentication rather than restricting what an authenticated user is allowed to read. Option D limits the type of access (read-only) but not who has it, so it does not ensure that only authorized personnel can view sensitive information.