CISSP Exam Questions

CISSP Exam - Question 406


An organization is attempting to strengthen the configuration of its enterprise resource planning (ERP) software in order to enforce sufficient segregation of duties (SoD). Which of the following approaches would BEST improve SoD effectiveness?

Correct Answer: D

To improve the effectiveness of segregation of duties (SoD) within an ERP system, the best approach is to review employee responsibilities and ERP access profiles proactively. By differentiating mission-critical activities from system support activities, it becomes possible to ensure that no single individual has control over all critical aspects of a business process, thereby reducing the risk of fraud or error. This method focuses on the proper allocation of duties, directly addressing potential SoD violations and aligning with current job functions.
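As an added example (not code from the page or from any ERP vendor; every user, role, activity and rule below is constructed), here is the kind of check the answer describes: flatten each user's ERP access profile into the activities it grants, test every pair against an SoD rule set, and separately flag profiles that mix mission activities with system-support activities.

```python
from itertools import combinations

# Constructed ERP activity catalogue: each transaction is tagged as a mission
# (business process) activity or a system-support activity. Names are hypothetical.
ACTIVITIES = {
    "create_vendor": "mission", "approve_invoice": "mission",
    "release_payment": "mission", "post_journal": "mission",
    "manage_roles": "support", "apply_patches": "support",
}

# Constructed SoD rules: activity pairs that must never sit with one person.
SOD_RULES = {
    frozenset({"create_vendor", "approve_invoice"}): "fictitious vendor",
    frozenset({"approve_invoice", "release_payment"}): "unreviewed payment",
    frozenset({"manage_roles", "release_payment"}): "self-granted payment rights",
}

# Constructed ERP roles and user access profiles (a profile is a set of roles).
ROLES = {
    "AP_CLERK": {"create_vendor", "post_journal"},
    "AP_MANAGER": {"approve_invoice"},
    "TREASURY": {"release_payment"},
    "BASIS_ADMIN": {"manage_roles", "apply_patches"},
}
PROFILES = {
    "alice": {"AP_CLERK"},
    "bob": {"AP_CLERK", "AP_MANAGER"},      # promoted, but the old role was never removed
    "carol": {"TREASURY", "BASIS_ADMIN"},   # system administrator who can also pay
    "dave": {"AP_MANAGER"},
}

def effective_activities(user, profiles=PROFILES, roles=ROLES):
    """Flatten a user's roles into the set of activities the profile grants."""
    return set().union(*(roles[r] for r in profiles[user]))

def find_violations(profiles=PROFILES, roles=ROLES, rules=SOD_RULES):
    """Return (user, activity_a, activity_b, risk) for every toxic pair a user holds."""
    hits = []
    for user in sorted(profiles):
        acts = effective_activities(user, profiles, roles)
        for a, b in combinations(sorted(acts), 2):
            risk = rules.get(frozenset({a, b}))
            if risk:
                hits.append((user, a, b, risk))
    return hits

def mixed_duty_users(profiles=PROFILES, roles=ROLES, catalogue=ACTIVITIES):
    """Users whose profile spans both mission and system-support activities."""
    return sorted(u for u in profiles
                  if {catalogue[a] for a in effective_activities(u, profiles, roles)}
                  == {"mission", "support"})
```

Run against a real export of roles and profiles, the two reports give the review its starting list: toxic pairs to split, and support staff whose profiles should lose their business-transaction roles.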

Discussion

7 comments
Rollingalx (Option: D)
Feb 25, 2023

D is correct. Reviewing ERP access profiles to enforce the least-privilege principle based on existing employee responsibilities is a good practice to ensure that employees have access only to the data and functionality they need to perform their job duties. However, it does not directly address SoD and may not be effective in preventing SoD violations.

jackdryan
May 14, 2023

D is correct

Bodatiousbob (Option: D)
Mar 6, 2023

I agree with D. I was going with C, but the word "existing" tells me previous or past tense, meaning that responsibilities could have changed and the least privilege rule may cause issues. D shows an active, real-time analysis of current responsibilities matching job duties.

Hongjun (Option: C)
Apr 2, 2024

The question was asking which one would best improve SoD. Keyword: improve. How to improve? First, review ERP profiles based on employee responsibilities, and also enforce an extra measure: least privilege. This is called improving. A & D: no improvement. B has MFA as an extra measure, but MFA is for authentication, nothing to do with SoD.

[Removed] (Option: D)
Apr 5, 2023

Although CISSP does like audits very much, an audit that covers access and activity (and not job functions) is probably not enough. Also, "independent team" is somewhat vague. We need auditors for an audit, internal or external.

HughJassole (Option: C)
Jun 11, 2023

D is probably correct BUT D states specifics. I was advised in the CISSP course to go for general overall answers. C seems better since it's not as specific and mentions the right terms. Also, D lists mission and system support, but there are more duties that need to be separated. D also talks about reviewing duties and access in the ERP system, but the question only talks about ERP. It just seems like D is there to throw you off.

Soleandheel (Option: D)
Dec 17, 2023

D. Review of employee responsibilities and ERP access profiles to differentiate mission activities from system support activities... seems to make more sense than C.

Dtony66 (Option: D)
Jun 12, 2024

D is correct. C is incorrect because it is really not doing anything to change anything from the current environment, thus by default, it cannot improve it.