A company is looking to reduce the likelihood of employees in the finance department being involved
with money laundering. Which of the following controls would BEST mitigate this risk?
A.
Implement privacy policies
B.
Enforce mandatory vacations
C.
Implement a security policy
D.
Enforce time of day restrictions
Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. And in the same
time it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfy
the need to have replication or duplication at all levels in addition to affording the company an
opportunity to discover fraud for when others do the same job in the absence of the regular staff
member then there is transparency.Incorrect Answers:
A: Privacy policies are used to define which controls are needed to implement and maintain
sanctity/safety of data privacy.
C: Security policies are used to define which controls are needed to implement and maintain the security
of the company resources such as systems, users and networks.
D: Time of day restrictions are used to configure when an account can have access to the system, this
does not prevent anyone from laundering money.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 24 -25, 153