An IS auditor finds that database administrators regularly use shared administrative accounts rather than individual accounts. What is the MOST significant control deficiency?

Home › MCQs › CISA › Question #6828

CISA QUESTION #6828

Question 1

Inefficient password management
Lack of individual accountability and inability to attribute actions to specific individuals✔️
Violation of policy
Increased security costs

Correct Answer Explanation

Shared accounts eliminate individual accountability—a fundamental security and auditing principle. When multiple people use the same credentials, it becomes impossible to determine who performed specific actions, preventing investigation of incidents, fraud detection, and establishing non-repudiation.

More Options