Certified Information Security Manager (CISM) — Question 1084
Which of the following is the BEST approach for data owners to use when defining access privileges for users?
Answer options
- A. Implement an identity and access management (IDM) tool.
- B. Adopt user account settings recommended by the vendor.
- C. Perform a risk assessment of the users' access privileges.
- D. Define access privileges based on user roles.
Correct answer: D
Explanation
Defining access privileges based on user roles (D) ensures that users have permissions aligned with their job functions, enhancing security and efficiency. Implementing an IDM tool (A) can be beneficial, but it does not inherently address the specific needs of user roles. Adopting vendor-recommended settings (B) may not fit the unique requirements of the organization. Performing a risk assessment (C) is important, but it is not the primary method for establishing access privileges.