CISM Certified Information Security Manager – Question0077

An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles?

A. Ethics
B. Proportionality
C. Integration
D. Accountability

Correct Answer: B

Explanation:
Information security controls should be proportionate to the risks of modification, denial of use or disclosure of the information. It is advisable to determine whether the job description apportions more data than is necessary for that position to execute the business rules (types of data access). The principles of ethics and integration have the least to do with mapping a job description to types of data access. The principle of accountability would be the second most adhered-to principle, since people with access to data may not always be accountable but may be required to perform an operation.