Which preventive administrative control should be considered when drafting authentication and authorization policies to prevent fraud by breaking high-risk functions into smaller parts?

Study for the CompTIA SecurityX Test. Equip yourself with comprehensive flashcards and multiple choice questions that include hints and explanations. Gear up for your certification exam!

Multiple Choice

Which preventive administrative control should be considered when drafting authentication and authorization policies to prevent fraud by breaking high-risk functions into smaller parts?

Separating duties is a preventive administrative control that splits high‑risk tasks among multiple people to prevent fraud or errors. In authentication and authorization policies, this means no single person can complete all steps of a sensitive process; for example, one person requests access, another reviews and approves it, and a third grants or reconciles the privileges, with a separate party handling auditing. This creates checks and balances and raises accountability, making it much harder for someone to execute fraud single‑handedly. While least privilege reduces what a person can do, it doesn’t inherently force multiple hands on a high‑risk function. Access control mechanisms like ACLs or RBAC determine who can do what, but they don’t by themselves enforce the division of duties across steps of a process.
