During a routine security audit, an organization discovers that several employees have access to sensitive financial data systems even though their roles do not require it. Which of the following practices should the organization implement to enhance control over logical access?
Implement role-based access control (RBAC) to align access permissions with job responsibilities.
Apply a standardized access control approach, assigning similar access rights to employees across different roles.
Allow department heads to grant access to their teams based on assessed needs.
Implement a temporary access pass system that requires regular renewals without specific role-based restrictions.
Implementing role-based access control (RBAC) helps align access permissions with job responsibilities, ensuring that only authorized personnel can access sensitive data necessary for their position. This minimizes the risk of unauthorized access that may arise from misallocation of access rights, which can happen with more lenient approaches like departmental discretion or standardized access rights.
ISC2 CISSP
Identity and Access Management (IAM)