Certified Information Security Manager (CISM) — Question 117
Which of the following will MOST effectively minimize the chance of inadvertent disclosure of confidential information?
Answer options
- A. Applying data classification rules
- B. Following the principle of least privilege
- C. Restricting the use of removable media
- D. Enforcing penalties for security policy violations
Correct answer: B
Explanation
The principle of least privilege ensures that individuals have only the minimum access necessary to perform their job functions, significantly reducing the risk of unauthorized access to confidential information. The fewer people who can reach confidential data, the fewer opportunities there are to disclose it by accident. While applying data classification rules, restricting the use of removable media, and enforcing penalties can contribute to security, they do not address access control as effectively as the principle of least privilege.