In an IT organization where many responsibilities are shared, which of the following is the BEST control for detecting unauthorized data changes?
In an IT organization where many responsibilities are shared, which of the following is the BEST control for detecting unauthorized data changes?
The best control for detecting unauthorized data changes in an IT organization where many responsibilities are shared is having data changes independently reviewed by another group. This ensures an objective and separate oversight, which can more effectively identify discrepancies or anomalies that might indicate unauthorized changes. It adds a critical layer of verification by involving an independent set of eyes, thereby reducing the risk of collusion or oversight that can occur with internal self-reviews.
Option D directly addresses the detection of unauthorized data changes by having a separate group or individual review the changes independently. This independent review can help identify discrepancies or anomalies that may indicate unauthorized access or alterations to data, providing an effective control for detecting unauthorized changes. Option C poses a Self-review threat since it is responsibility that is shared, not simply access.
D. Data changes are independently reviewed by another group.
One might be tempted to choose C. But C. is not a control, i.e. logging per se is not yet a control. It only becomes part of a control with the review, but the actual control here is the review. So the correct answer is D. Data changes are independently reviewed by another group.
Data are logged into another application to be reviewed. If it’s independently reviewed by another group, logs can be tampered with. C is the answer
if logs are store in an immutable storage, reviewing them won't bring any risk of being tampered
Data are logged into another application to be reviewed. If it’s independently reviewed by another group, logs can be tampered with. C is the answer
if logs are store in an immutable storage, reviewing them won't bring any risk of being tampered