To mitigate a situation where one of the programmers of an application requires access to
production data, the information security manager could BEST recommend to.
A.
create a separate account for the programmer as a power user.
B.
log all of the programmers’ activity for review by supervisor.
C.
have the programmer sign a letter accepting full responsibility.
D.
perform regular audits of the application.
Explanation:
It is not always possible to provide adequate segregation of duties between programming and
operations in order to meet certain business requirements. A mitigating control is to record all of
the programmers’ actions for later review by their supervisor, which would reduce the likelihood of
any inappropriate action on the part of the programmer. Choices A, C and D do not solve the
problem.