CISM Certified Information Security Manager – Question 1148

Data owners will determine what access and authorizations users will have by:

A. delegating authority to data custodian.
B. cloning existing user accounts.
C. determining hierarchical preferences.
D. mapping to business needs.

Correct Answer: D

Explanation:
Access and authorizations should be based on business needs. Data custodians implement the decisions made by data owners. Access and authorizations are not to be assigned by cloning existing user accounts or determining hierarchical preferences. By cloning, users may obtain more access rights and privileges than are required to do their job. Hierarchical preferences may be based on individual preferences and not on business needs.