Here are the answers to the questions in Chapter 4:
What is the most important aspect of performing an evaluation of information security controls on a process or system?
A. Ensuring that the best practice control techniques are being utilized properly
B. Understanding the business's functional requirements of the process to ensure that they can be accomplished
C. Ensuring that the deployed controls work as part of the overall security architecture program
D. Making sure that access is strictly controlled based on a need to know
The correct answer is B. Best practice control techniques properly utilized (A) will need to be applied relative to the business needs, and they cannot be deployed without considering the goals of the business and the security control parameters that the business process places on the system. It is also important to ensure that the security controls used work well together and complement other controls used in the architecture, providing defense in depth (C), but not without first considering the business goals to ensure the business needs are met. Restricting access based on a need to know (D) is also an important concept, and it is a secondary step in ensuring access control that follows from first understanding the business needs. Those needs define the need to know for the system's users.
The concept of data integrity implies that
A. Access has not been given to those who do not have a need to know
B. Data can be ...