Certified Information Systems Security Professional (CISSP) — Question 170
An organization is attempting to strengthen the configuration of its enterprise resource planning (ERP) software in order to enforce sufficient segregation of duties (SoD). Which of the following approaches would BEST improve SoD effectiveness?
Answer options
- A. Implementation of frequent audits of access and activity in the ERP by a separate team with no operational duties
- B. Implementation of strengthened authentication measures including mandatory second-factor authentication
- C. Review of ERP access profiles to enforce the least-privilege principle based on existing employee responsibilities
- D. Review of employee responsibilities and ERP access profiles to differentiate mission activities from system support activities
Correct answer: D
Explanation
The correct answer is D. Effective SoD starts with understanding what each person actually does, then mapping ERP access so that mission (business) transactions, such as maintaining vendor records, posting invoices and releasing payments, are kept apart from system support functions, such as user and role administration, direct database access and transporting configuration into production. A single person holding both can perform a transaction and also alter the control that would catch it. Option A, independent audit, is a detective control that finds violations after the fact; it does not change the ERP configuration that allows them. Option B strengthens authentication, which gives assurance about who is acting, not about whether one person is permitted to perform conflicting actions. Option C, least privilege based on existing responsibilities, trims unused access but codifies the current role assignments; if a job already combines conflicting duties, least privilege preserves that conflict rather than separating it.
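The review that option D describes is usually carried out against a role-to-activity classification and a list of known conflicting combinations. The following is an added illustration, not part of the original question or of any ERP vendor's tooling; the role names, the conflict rules and the user assignments are constructed sample data chosen to resemble a procure-to-pay setup.

```python
# Added example: a minimal SoD conflict check over ERP role assignments.
# Roles are first classified as mission (business transaction) or support
# (system administration); a user holding roles from both classes, or a
# known toxic pair inside the mission class, is reported. Role names,
# rules and assignments below are constructed, not taken from any product.

MISSION_ROLES = {
    "vendor_master_maintain",   # create or change vendor bank details
    "purchase_order_create",
    "invoice_post",
    "payment_release",
}

SUPPORT_ROLES = {
    "db_admin",                 # direct table access outside the application
    "user_role_admin",          # can grant or change ERP roles
    "transport_deploy",         # moves code and configuration into production
}

# Classic procure-to-pay conflicts within the mission class: any one of these
# pairs lets a single person both initiate and approve a money movement.
MISSION_CONFLICTS = {
    frozenset({"vendor_master_maintain", "payment_release"}),
    frozenset({"purchase_order_create", "invoice_post"}),
    frozenset({"invoice_post", "payment_release"}),
}

# Constructed user-to-role assignments to run the check against.
SAMPLE_ASSIGNMENTS = {
    "alice": ["purchase_order_create", "vendor_master_maintain"],
    "bob":   ["invoice_post", "payment_release"],
    "carol": ["payment_release", "db_admin"],
    "dave":  ["user_role_admin", "transport_deploy"],
    "erin":  ["invoice_post", "legacy_report_viewer"],
}


def sod_violations(user_roles):
    """Return {user: [reason, ...]} for every user whose roles break a rule.

    Users with no findings are omitted. Roles that are in neither class are
    reported too, because an unclassified role cannot be checked at all and
    is exactly what the responsibilities review in option D is meant to fix.
    """
    findings = {}
    for user, assigned in user_roles.items():
        roles = set(assigned)
        reasons = []

        mission = roles & MISSION_ROLES
        support = roles & SUPPORT_ROLES
        unclassified = roles - MISSION_ROLES - SUPPORT_ROLES

        for role in sorted(unclassified):
            reasons.append(f"unclassified role needs review: {role}")

        # Rule 1: mission and support activities must not sit on one account.
        if mission and support:
            reasons.append(
                f"mission/support mix: {sorted(mission)} + {sorted(support)}"
            )

        # Rule 2: known toxic pairs within the mission class.
        for pair in MISSION_CONFLICTS:
            if pair <= roles:
                reasons.append("toxic mission pair: " + " + ".join(sorted(pair)))

        if reasons:
            findings[user] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for user, reasons in sod_violations(SAMPLE_ASSIGNMENTS).items():
        for reason in reasons:
            print(f"{user}: {reason}")
```

In this sample, alice holds two mission roles that do not form a listed conflict and is clean, bob trips the invoice/payment pair, carol mixes a payment role with database administration, dave is support-only and is clean, and erin is flagged only because one of her roles has not been classified yet. Real ERP SoD tooling works at the level of individual transaction codes and authorization objects rather than coarse roles, but the two-step logic (classify, then test combinations) is the same.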