IT Examiner School

Review Question 3

In a small community bank, Jill serves in both the IT officer and information security officer roles. Jill has admin access to systems, including adding and removing accounts, and permission to take ownership of objects/data. Jill is also the sole person in the company who has the security responsibility of monitoring access, reviewing log files, and reporting to management on security violations. One day management decided to run an independent audit on information security and determined that Jill was accessing data on executive payroll and other strategic plans that she was not authorized to access. What is the supervisory concern?

A. Separation of Duties and independent review
B. Lack of procedures
C. Not enough resources
D. Lack of training

Risk Assessment Basics

• Identify reasonably foreseeable internal and external threats;
• Assess the likelihood and potential damage of these threats; and
• Assess the sufficiency of countermeasures/controls to determine a residual risk that is acceptable to management and the board.
