Which of the following is NOT a criterion for access control?

A.
Role

B.
Identity

C.
Keystroke monitoring

D.
Transactions

Explanation:
Keystroke monitoring is associated with the auditing function and not access control. For answer a,
the identity of the user is a criterion for access control. The identity must be authenticated as part of
the I & A process. Answer Role refers to role-based access control where access to information is
determined by the user’s job function or role in the organization. Transactions refer to access control
through entering an account number or a transaction number, as may be required for bill payments
by telephone, for example.