An entity has many employees that access a database. The database contains sensitive information concerning the customers of the entity and has numerous access points. Access controls prevent employees from entry to those areas of the database for which they have no authorization. All salespersons have certain access permission to customer information. Which of the following is a true statement regarding the nature of the controls and risks?

a. Because there is no segregation of duties among the salespersons, risk of collusion is increased
b. Only one salesperson should be allowed access permission
c. Sales department personnel should not have access to any part of the database
d. A salesperson’s access to customer information should extend only to what is necessary to perform his/her duties

Answer:

A salesperson's access to customer information should extend only to what is necessary to perform his or her duties.

Explanation:

In accessing information in an organisation, user rights should be created to limit the amount of information an individual can access. This can also provide relevant information to a person to do their job.

For example, a cashier should not have access to the audit reports of an organisation. It does not have relevance to their job.

So in this scenario, a good control is when a salesperson's access to customer information extends only to what is necessary to perform his or her duties.