A company is implementing new procedures for accessing sensitive financial information. Which of the following practices would best ensure that only authorized personnel can access this data?
Require users to create complex passwords for accessing the data.
Conduct access reviews annually to ensure that access rights are still valid.
Implement role-based access controls to restrict data access based on job functions.
Implementing role-based access controls ensures that individuals are granted access based on their specific job responsibilities, minimizing the risk of unauthorized access to sensitive information. In contrast, requiring users to create complex passwords might enhance security, but it does not restrict access based on roles. Restricting access solely to the IT department does not address the need for appropriate access control for other authorized personnel, and merely conducting access reviews annually may lead to time gaps where unauthorized access could occur.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is role-based access control (RBAC)?
Open an interactive chat with Bash
Why are complex passwords important in an access control strategy?
Open an interactive chat with Bash
What are access reviews and why are they necessary?
Open an interactive chat with Bash
ISC2 CISSP
Asset Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access