Certified Information Security Manager (CISM) — Question 260

An organization has experienced multiple instances of privileged users misusing their access. Which of the following processes would be MOST helpful in identifying such violations?

Answer options

• A. Policy exception review
• B. Review of access controls
• C. Security assessment
• D. Log review

Correct answer: D

Explanation

The correct answer is D, as log review enables the organization to track user activities and identify any unauthorized actions taken by privileged users. The other options, while important for overall security, do not directly focus on monitoring user activity and thus would be less effective in pinpointing misuse.