PrepAway - Latest Free Exam Questions & Answers

The IS auditor’s main concern should be that:

An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor’s
main concern should be that:

PrepAway - Latest Free Exam Questions & Answers

A.
more than one individual can claim to be a specific user.

B.
there is no way to limit the functions assigned to users.

C.
user accounts can be shared.

D.
users have a need-to-know privilege.

Explanation:
Without an appropriate authorization process, it will be impossible to establish functional limits and
accountability. The risk that more than one individual can claim to be a specific user is associated with the
authentication processes, rather than with authorization. The risk that user accounts can be shared is
associated with identification processes, rather than with authorization. The need-to-know basis is the best
approach to assigning privileges during the authorization process.


Leave a Reply