CISM Certified Information Security Manager – Question0554

An organization with a strict need-to-know information access policy is about to launch a knowledge management intranet. Which of the following is the MOST important activity to ensure compliance with existing security policies?

A.
Develop a control procedure to check content before it is published.
B. Change organization policy to allow wider use of the new web site.
C. Ensure that access to the web site is limited to senior managers and the board.
D. Password-protect documents that contain confidential information.

Correct Answer: D