Certified Information Systems Auditor (CISA) — Question 828
Which of the following is the MOST effective control to mitigate unintentional misuse of authorized access?
Answer options
- A. Regular monitoring of user access logs
- B. Security awareness training
- C. Annual sign-off of acceptable use policy
- D. Formalized disciplinary action
Correct answer: B
Explanation
Security awareness training is crucial because it educates users on the proper use of their access rights, significantly reducing the risk of unintentional misuse. Regular monitoring of user access logs and annual sign-offs are helpful, but they do not actively prevent misuse as training does. Formalized disciplinary action may address misuse after it occurs but does not prevent it from happening in the first place.