(ISC)2 Certified in Cybersecurity Practice Exam


Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

What security principle is illustrated when a manager must review and approve a security product purchase before it is made?

  1. Two-person integrity

  2. Segregation of duties

  3. Software

  4. Defense in depth

The correct answer is: Segregation of duties

The principle illustrated when a manager must review and approve a security product purchase before it is made is known as segregation of duties. This principle is designed to reduce the risk of fraud and errors by ensuring that no single individual has control over all aspects of a critical process. By requiring that a manager, who is independent of the purchasing process, review and approve purchases, organizations can enforce a checks-and-balances system. This minimizes the opportunity for misuse of resources and helps ensure that procurement decisions align with organizational policies and security requirements.

Segregation of duties is a fundamental best practice in governance and risk management, as it promotes accountability and transparency within financial and operational processes. It is especially important in the context of cybersecurity, where the acquisition of security products directly impacts the organization's risk posture.

The other choices, while relevant to security concepts, do not directly relate to the scenario of reviewing and approving purchases. Two-person integrity typically refers to scenarios requiring two individuals to perform a significant task to prevent misconduct, whereas defense in depth involves layering multiple security measures to protect information. Software, on the other hand, denotes the applications in use and is not applicable in this specific context of purchase approval.