CISM Certified Information Security Manager – Question0965

To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY:

A. set their accounts to expire in six months or less.
B. avoid granting system administration roles.
C. ensure they successfully pass background checks.
D. ensure their access is approved by the data owner.

Correct Answer: B

Explanation:
Contract personnel should not be given job duties that provide them with power user or other administrative roles that they could then use to grant themselves access to sensitive files. Setting expiration dates, requiring background checks and having the data owner assign access are all positive elements, but these will not prevent contract personnel from obtaining access to sensitive information.