Certified Information Security Manager (CISM) — Question 139

Which of the following is the BEST way to prevent insider threats?

Answer options

• A. Implement strict security policies and password controls.
• B. Conduct organization-wide security awareness training.
• C. Enforce segregation of duties and least privilege access.
• D. Implement logging for all access activities.

Correct answer: C

Explanation

Enforcing segregation of duties and least privilege access minimizes the risk of insider threats by ensuring that no single individual has control over all aspects of sensitive operations. Although strict security policies, training, and logging are important, they do not directly limit access and control like option C does, making it the best choice.