PECB Lead Implementer (ISO/IEC 27001) — Question 17
The IT Department of a financial institution decided to implement preventive controls to avoid potential security breaches. Therefore, they separated the development, testing, and operating equipment, secured their offices, and used cryptographic keys. However, they are seeking further measures to enhance their security and minimize the risk of security breaches. Which of the following controls would help the IT Department achieve this objective?
Answer options
- A. Alarms to detect risks related to heat, smoke, fire, or water
- B. Change all passwords of all systems
- C. An access control software to restrict access to sensitive files
Correct answer: C
Explanation
The correct answer is C because access control software helps to limit who can view or modify sensitive files, thus reducing the risk of unauthorized access and potential security breaches. Option A, while important for physical security, does not directly address information security. Option B is a good practice, but changing passwords alone does not comprehensively enhance security unless access controls are also implemented.