Certified Information Security Manager (CISM) — Question 1174

An information security manager discovers that newly hired privileged users are not taking necessary steps to protect critical information at their workstations.
Which of the following is the BEST way to address this situation?

Answer options

• A. Publish an acceptable use policy and require signed acknowledgment.
• B. Turn on logging and record user activity.
• C. Communicate the responsibility and provide appropriate training.
• D. Implement a data loss prevention (DLP) solution.

Correct answer: C

Explanation

The correct answer, C, emphasizes the importance of communication and training in ensuring that privileged users understand their responsibilities regarding information security. While the other options may contribute to security, they do not directly address the lack of awareness and knowledge that is crucial for these users to protect critical information effectively.