Question 1097 - CISM Certified Information Security Manager

Which of the following documents would be the BEST reference to determine whether access control mechanisms are appropriate for a critical application?

A. User security procedures
B. Business process flow
C. IT security policy
D. Regulatory requirements

Correct Answer: C

Explanation:

Explanation:
IT management should ensure that mechanisms are implemented in line with IT security policy. Procedures are determined by the policy. A user security procedure does not describe the access control mechanism in place. The business process flow is not relevant to the access control mechanism. The organization’s own policy and procedures should take into account regulatory requirements.

CISM Certified Information Security Manager

Tag: Question 1097

CISM Certified Information Security Manager – Question1097