Certified Information Security Manager (CISM) — Question 1137

Which of the following processes should remain internal when outsourcing IT operations?

Answer options

• A. Authorization management
• B. Data encryption
• C. Log monitoring
• D. Incident management

Correct answer: A

Explanation

Authorization management is critical for maintaining control over user access and permissions, making it essential to keep it internal. The other processes, while important, can be effectively managed by external vendors without compromising security and control.