Certified Information Security Manager (CISM) — Question 413

A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies is the BEST approach for developing a physical access control policy for the organization?

Answer options

• A. Review customers’ security policies.
• B. Design single sign-on (SSO) or federated access.
• C. Develop access control requirements for each system and application.
• D. Conduct a risk assessment to determine security risks and mitigating controls.

Correct answer: D

Explanation

The correct answer is D because conducting a risk assessment helps identify potential security threats and the necessary controls to mitigate them, which is crucial for a data-hosting organization. Options A, B, and C, while important, do not directly address the need to assess and respond to specific risks associated with physical access control.