Certified in Risk and Information Systems Control (CRISC) — Question 24
Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?
Answer options
- A. Implement segregation of duties
- B. Enforce an internal data access policy
- C. Enforce the use of digital signatures
- D. Apply single sign-on for access control
Correct answer: B
Explanation
Enforcing an internal data access policy is the most effective way to regulate who can access confidential information, ensuring that only authorized individuals have the necessary permissions. While segregation of duties, digital signatures, and single sign-on contribute to overall security, they do not directly address the prevention of unauthorized data retrieval as effectively as a comprehensive access policy.