CISM Certified Information Security Manager – Question0522

An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers and maintaining all core business functions in-house. The information security manager has determined a defense in depth strategy should be used. Which of the following BEST describes this strategy?

A. Multi-factor login requirements for cloud service applications, timeouts, and complex passwords
B. Deployment of nested firewalls within the infrastructure
C. Separate security controls for applications, platforms, programs, and endpoints
D. Strict enforcement of role-based access control (RBAC)

Correct Answer: C