Certified Information Security Manager (CISM) — Question 228

Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders?

Answer options

• A. Create a data classification policy.
• B. Implement role-based access controls.
• C. Require the use of login credentials and passwords.
• D. Conduct information security awareness training.

Correct answer: B

Explanation

Implementing role-based access controls (RBAC) ensures that only authorized users can access specific data based on their roles, effectively minimizing the risk of data leakage. While creating a data classification policy, requiring login credentials, and providing security training are all important, they do not directly restrict access to confidential data as effectively as RBAC does.