Which of the following controls would be the most effective in preventing the disclosure of an organization's confidential electronic information?
The most effective control in preventing the disclosure of an organization's confidential electronic information is limited access to information, based on employee duties. By restricting access to sensitive information only to employees who need it for their job responsibilities, the organization minimizes the risk of unauthorized disclosure. This approach ensures that only those with a legitimate need can access the information, which is a proactive and practical measure compared to other options such as non-disclosure agreements or user activity logs.
D is my answer as well. Any other thoughts? The most effective control in preventing the disclosure of an organization's confidential electronic information would be limited access to information based on employee duties. By restricting access to sensitive information only to employees who require it for their job responsibilities, the risk of unauthorized disclosure is minimized. This can be achieved by implementing proper access control measures, such as role-based access control or user-level permissions. Nondisclosure agreements between the firm and its employees (option A) can help establish legal consequences for disclosing confidential information, but they alone cannot prevent unauthorized access to such information.
How is an NDA preventive? It should be D. Any thoughts?