Preventing security breaches requires proactive security controls, and the approval of identity requests ensures that only authorized individuals gain access to systems and data.
Types of Security Controls:
Preventive Controls (Stop security incidents before they happen)
Detective Controls (Identify security breaches after they occur)
Corrective Controls (Address security issues after detection)
Why Identity Request Approval is the Most Effective Preventive Control?
User access approval ensures that only verified personnel receive credentials.
According to IIA GTAG on Identity and Access Management, user provisioning must follow strict approval workflows to prevent unauthorized access.
By restricting access before a breach occurs, organizations reduce risks related to insider threats, phishing attacks, and credential misuse.
Why Not Other Options?
B. Access Logging:
Access logs record activity but do not prevent security breaches.
C. Monitoring Privileged Accounts:
Monitoring privileged accounts helps detect suspicious activity but does not stop unauthorized access beforehand.
D. Audit of Access Rights:
Regular audits ensure compliance but do not actively prevent unauthorized access in real-time.
IIA GTAG – Identity and Access Management
IIA Standard 2120 – Risk Management and IT Controls
COBIT 2019 – Access Control and Security Management
Step-by-Step Justification:IIA References:Thus, the correct and verified answer is A. Approval of identity request.
