What would be the MOST effective control for enforcing accountability among database users accessing sensitive information?
A. Implement a log management process
B. Implement two-factor authentication
C. Use table views to access sensitive data
D. Separate database and application servers
Explanation:
Accountability means knowing what is being done by whom. The best way to enforce this principle is to implement a log management process that creates and stores logs with pertinent information such as user name, type of transaction and hour. Choice B, implementing two-factor authentication, and choice C, using table views to access sensitive data, are controls that would limit access to the database to authorized users but would not resolve the accountability problem. Choice D may help with better administration, or even with implementing access controls, but, again, does not address the accountability issue.