An information security manager mapping a job description to types of data access is MOST likely
to adhere to which of the following information security principles?
A.
Ethics
B.
Proportionality
C.
Integration
D.
Accountability
Explanation:
Information security controls should be proportionate to the risks of modification, denial of use or
disclosure of the information. It is advisable to learn if the job description is apportioning more data
than are necessary for that position to execute the business rules (types of data access).
Principles of ethics and integration have the least to do with mapping job description to types of
data access. The principle of accountability would be the second most adhered to principle since
people with access to data may not always be accountable but may be required to perform an
operation.