Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and
systems?

A.
User management coordination does not exist.

B.
Specific user accountability cannot be established.

C.
Unauthorized users may have access to originate, modify or delete data.

D.
Audit recommendations may not be implemented.

Explanation:
Without a policy defining who has the responsibility for granting access to specific systems, there is an
increased risk that one could gain (be given) system access when they should not have authorization. By
assigning authority to grant access to specific users, there is a better chance that business objectives will beproperly supported.