Two members of the finance department have access to sensitive information. The company is
concerned they may work together to steal information. Which of the following controls could be
implemented to discover if they are working together?
A.
Least privilege access
B.
Separation of duties
C.
Mandatory access control
D.
Mandatory vacations
Mandatory Vacation Policy: requires all users to take time away from work to refresh; allows company a chance to make sure others can fill in the gaps in skills; satisfies need to have replication/duplication; provides opportunity to discover fraud from a change in use patterns.
This is the definition that I saw, but I think a good access control policy mixed with watching logs would be able to find this fraud better.