Certified Information Security Manager (CISM) — Question 1163

A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?

Answer options

• A. Security policies
• B. Automated controls
• C. Guidelines
• D. Standards

Correct answer: D

Explanation

The correct answer is D, as standards provide specific requirements that ensure uniformity in processes such as user account setups. While security policies, automated controls, and guidelines are important, they do not offer the same level of detail and enforceability needed to standardize user account creation.