Which activity performed by a database administrator should be separated to ensure proper controls?

The separation of duties is a fundamental principle in information security that helps prevent fraud and errors by ensuring that no individual has control over all aspects of any critical function. In the context of database administration, certain activities pose significant risks if controlled by a single person.

Deleting database activity logs is a sensitive task since these logs capture critical information about database operations, including potential unauthorized access or anomalies in activity. If an administrator is responsible for both maintaining these logs and has the ability to delete them, there exists a risk of malicious behavior or accidental loss of vital evidence for audits and investigations. By separating the responsibility for deleting logs from other database administration activities, an organization can put in place checks and balances that reduce the chance of abuse and ensure that any alterations to log data are subject to oversight.

Other options, while they may involve important tasks performed by a database administrator, do not carry the same critical risk of compromising security and audit trails if performed without an adequate separation of duties. For instance, implementing database optimization tools and monitoring database usage are more about performance and operational aspects rather than security-sensitive actions. Similarly, defining backup and recovery procedures is crucial, but this does not present the same risk associated with log deletion, where access to historical records could be misused.

Thus