Which of the following is the HIGHEST risk of a policy that inadequately defines data and system
ownership?
A.
User management coordination does not exists
B.
Audit recommendations may not be implemented
C.
Users may have unauthorized access to originate, modify or delete data
D.
Specific user accountability cannot be established
Explanation:
There is an increased risk without a policy defining who has the responsibility for granting access
to specific data or systems, as one could gain system access without a justified business needs.
There is better chance that business objectives will be properly supported when there is
appropriate ownership.
unauthorized access.