PrepAway - Latest Free Exam Questions & Answers

Which statement below is the BEST example of separation of duties?

A. Getting users to divulge their passwords.

B. An activity that checks on the system, its users, or the environment.

C. One person initiates a request for a payment and another authorizes that same payment.

D. A data entry clerk may not have access to run database analysis reports.

Explanation:
Separation of duties refers to dividing roles and responsibilities so that a single individual cannot subvert a critical process. In financial systems, no single individual should normally be given the authority to issue checks. Checks and balances need to be designed into both the process as well as the specific, individual positions of personnel who will implement the process.
*Answer “An activity that checks on the system, its users, or the environment” describes system monitoring.
*Answer “Getting users to divulge their passwords” is social engineering, a method of subverting system controls by getting users or administrators to divulge information about systems, including their passwords.
*Answer “A data entry clerk may not have access to run database analysis reports” describes least privilege. Least privilege refers to the security objective of granting users only those accesses they need to perform their official duties. Least privilege does not mean that all users will have extremely little functional access; some employees will have significant access if it is required for their position. It is important to make certain that the implementation of least privilege does not interfere with the ability to have personnel substitute for each other without undue delay. Without careful planning, access control can interfere with contingency plans.
Source: National Institute of Standards and Technology, An Introduction to Computer Security: The NIST Handbook Special Publication 800-12.

