Which type of authorization policy would BEST address this practice?

An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and
encourage crosstraining. Which type of authorization policy would BEST address this practice?

An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and
encourage crosstraining. Which type of authorization policy would BEST address this practice?

A.
Multilevel

B.
Role-based

C.
Discretionary

D.
Attribute-based

Explanation:

A role-based policy will associate data access with the role performed by an individual, thus
restricting access to data required to perform the individual’s tasks. Multilevel policies are based
on classifications and clearances. Discretionary policies leave access decisions up to information
resource managers.



Leave a Reply 0

Your email address will not be published. Required fields are marked *