Certified Information Security Manager (CISM) — Question 102
An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers, and maintaining all core business functions in-house. The information security manager has determined a defense in depth strategy should be used. Which of the following BEST describes this strategy?
Answer options
- A. Separate security controls for applications, platforms, programs, and endpoints
- B. Multi-factor login requirements for cloud service applications, timeouts, and complex passwords
- C. Deployment of nested firewalls within the infrastructure
- D. Strict enforcement of role-based access control (RBAC)
Correct answer: A
Explanation
The correct answer is A because a defense in depth strategy implements multiple layers of security controls, with separate controls for each component of the environment. Options B, C, and D are each a specific security measure; none of them captures the broader concept of distinct security controls across the entire infrastructure.