Two security professionals discuss destruction authorization methods. Which statement is correct?

Multiple Choice

Explanation:
Destruction authorization hinges on accountability and traceability. You want a process where disposal of sensitive assets is approved, recorded, and verifiable, so no single person can secretly dispose of something or claim it was destroyed when it wasn’t.

If one professional describes requiring two independent approvals (dual control) and the other emphasizes keeping a formal record of who approved the destruction, the asset involved, and how it was carried out, both are solid, complementary controls. Dual control reduces the risk of misuse, while documentation and verification create an auditable trail that can be reviewed later.

In practice, effective destruction authorization combines several elements: formal written approval from the appropriate data or asset owner, separation of duties so the person who approves isn’t the one who performs the destruction, and a verifiable record showing what was destroyed, when, by whom, and by what method. Some methods also require witnesses or additional sign-off, and the destruction method must be appropriate for the data type and asset.

Each statement therefore describes a valid aspect of proper destruction control, one covering authorization and the other documentation and verification, so both align with proper destruction controls and the combined view is correct.
