A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening.
In order to implement a true separation of duties approach the bank could:
A. Require the use of two different passwords held by two different individuals to open an account
B. Administer account creation on a role based access control approach
C. Require all new accounts to be handled by someone else other than a teller since they have different duties
D. Administer account creation on a rule based access control approach
There has to be a 2 step process. Create and approve. Separation of duties dictate those 2 steps must be done by different people. The only answer that specifies 2 different roles/people is A. By assigning the creation to someone else does not prevent accounts being created without approval. Answer has to be A
RM ansewer is the the correct one. since the company wants to implement separation of duties i.e role
Administer account creation on a role based access control approach