Certified Information Security Manager (CISM) — Question 1125
Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?
Answer options
- A. Eliminate privileged accounts.
- B. Perform periodic certification of access to privileged accounts.
- C. Provide privileged account access only to users who need it.
- D. Frequently monitor activities on privileged accounts.
Correct answer: C
Explanation
The correct answer is C: granting privileged account access only to those who need it minimizes the number of users with elevated privileges, thereby reducing potential security risks. Option A is not practical, as some privileged accounts are necessary for operations. Option B, while important, is a secondary measure and does not prevent access issues at the outset. Option D focuses on monitoring, which is reactive rather than proactive, and so is not a preventive method.