CISM Certified Information Security Manager – Question 1097

Which of the following documents would be the BEST reference to determine whether access control mechanisms are appropriate for a critical application?

A. User security procedures
B. Business process flow
C. IT security policy
D. Regulatory requirements

Correct Answer: C

Explanation:
IT management should ensure that mechanisms are implemented in line with IT security policy. Procedures are determined by the policy. A user security procedure does not describe the access control mechanism in place. The business process flow is not relevant to the access control mechanism. The organization’s own policy and procedures should take into account regulatory requirements.