Which of the following documents would be the BES T reference to determine whether access
control mechanisms are appropriate for a critical application?
A.
User security procedures
B.
Business process flow
C.
IT security policy
D.
Regulatory requirements
Explanation:
IT management should ensure that mechanisms are implemented in line with IT security policy.
Procedures are determined by the policy. A user security procedure does not describe the access
control mechanism in place. The business process flow is not relevant to the access control
mechanism. The organization’s own policy and procedures should take into account regulatory
requirements.