PrepAway - Latest Free Exam Questions & Answers

Which of the following is BEST practice to employ in order to reduce the risk of collusion?

A. Least Privilege

B. Job Rotation

C. Separation of Duties

D. Mandatory Vacations

Explanation:
The objective of separation of duties is to ensure that one person acting alone cannot compromise the
company’s security in any way. High-risk activities should be broken up into different parts and distributed to
different individuals or departments. That way, the company does not need to put a dangerously high level of
trust in certain individuals. For fraud to take place, collusion would need to be committed, meaning more than
one person would have to be involved in the fraudulent activity.
Job rotation in the workplace is a system where employees work at several jobs in a business, performing each
job for a relatively short period of time. By moving people willing to collude to commit fraud, we can reduce the
risk of collusion.
Incorrect Answers:
A: Least privilege means an individual should have just enough permissions and rights to fulfill his role in the
company and no more. It is not the best control for reducing collusion.
C: Separation of Duties prevents one person from being able to commit fraud. With separation of duties, collusion
between two or more people would be required to commit the fraud. However, separation of duties does not
prevent the collusion.
D: Mandatory vacations are a way of detecting fraud. If a fraudulent activity stops while an employee is on
vacation, it is easy to determine who was committing the fraud. Mandatory vacations do not prevent the
collusion.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1235-1236

