Certified Information Security Manager (CISM) — Question 1139

Which of the following is the MOST important reason to integrate nonrepudiation into the design of user authentication?

Answer options

• A. To ensure there are no conflicts when changing database records
• B. To ensure users cannot escalate their own access privileges
• C. To ensure users cannot alter log records within the system
• D. To ensure actions can be traced to specific users

Correct answer: D

Explanation

The correct answer, D, highlights the importance of tracing actions back to specific users, which is essential for accountability. Options A, B, and C, while relevant to security, do not directly pertain to nonrepudiation, which focuses on ensuring that users cannot deny their actions.