(ISC)2 Certified in Cybersecurity Practice Exam

What practice minimizes insider threats by ensuring that no single individual can complete a critical process?

• A. Access Control
• B. Segregation of Duties
• C. Joint Tasking
• D. Collusion Prevention

The correct answer is: Segregation of Duties

The practice that effectively minimizes insider threats by ensuring that no single individual can complete a critical process is the segregation of duties. This principle requires that critical tasks be divided among multiple individuals to reduce the risk of fraud and errors, as it makes it difficult for any one person to manipulate a process for personal gain without collusion with others. For example, in a financial context, segregation of duties would involve different individuals being responsible for approving transactions, processing payments, and reconciling accounts. This division acts as a check against potential misconduct, as it requires cooperation and oversight from multiple parties, which complicates an individual’s ability to carry out malicious activities without detection. Other options such as access control focus primarily on limiting access to information or systems but do not inherently prevent a single individual from completing an entire critical process. Joint tasking involves collaboration but does not necessarily address the issue of separating key responsibilities. Collusion prevention relates to reducing the likelihood of two or more individuals conspiring, but without proper segregation of duties, the risk remains that an insider can complete critical tasks without oversight or checks. Therefore, segregation of duties is the most effective practice listed for minimizing insider threats.