The most effective way to prevent the unauthorized disclosure of confidential information is to limit access based on employee roles and duties. This follows the principle of least privilege (PoLP), ensuring that employees only access the data necessary for their job functions.

Analysis of Answer Choices:

(A) Nondisclosure agreements between the firm and its employees. ❌
Incorrect. While NDAs help deter leaks, they do not prevent unauthorized access to information. An employee who signs an NDA can still access and leak data.

(B) Logs of user activity within the information system. ❌
Incorrect. Activity logs help detect and investigate breaches but do not actively prevent unauthorized disclosure.

(C) Two-factor authentication for access into the information system. ❌
Incorrect. While two-factor authentication enhances system security, it does not prevent employees with authorized access from leaking confidential data.

(D) Limited access to information, based on employee duties. ✅
Correct. Role-based access control (RBAC) ensures that employees only access the information necessary for their job responsibilities, reducing the risk of leaks.

IIA GTAG "Identity and Access Management" highlights restricted access as the most effective control for preventing unauthorized disclosure of confidential data.

IIA References:

IIA GTAG – "Identity and Access Management"
IIA Standard 2120 – Risk Management (Data Protection Controls)
COBIT Framework – Information Security and Access Control

Thus, the correct answer is D (Limited access to information, based on employee duties), as restricting access is the most effective preventive control against data disclosure.