What is the MAIN objective of proper separation of duties?

A.
To prevent employees from disclosing sensitive information.

B.
To ensure access controls are in place.

C.
To ensure that no single individual can compromise a system.

D.
To ensure that audit trails are not tampered with.

Explanation:
The objective of separation of duties is to ensure that one person acting alone cannot compromise the
company’s security in any way. High-risk activities should be broken up into different parts and distributed to
different individuals or departments. That way, the company does not need to put a dangerously high level of
trust in certain individuals. For fraud to take place, collusion would need to be committed, meaning more than
one person would have to be involved in the fraudulent activity Job rotation in the workplace is a system whereemployees work at several jobs in a business, performing each job for a relatively short period of time.
Incorrect Answers:
A: Separation of duties does not prevent employees from disclosing sensitive information.
B: Separation of duties does not ensure access controls are in place.
D: Separation of duties does not ensure that audit trails are not tampered with.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 1235-1236