Certified Information Security Manager (CISM) — Question 286

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

Answer options

• A. Access manager
• B. System administrator
• C. Business owner
• D. IT director

Correct answer: C

Explanation

The Business owner is best suited for validating user access requirements as they have a comprehensive understanding of the business needs and user roles. Access managers, system administrators, and IT directors may not have the same level of insight into specific access needs tied to business objectives.