Certified Information Security Manager (CISM) — Question 476

An information security manager has been notified that two senior executives have the ability to elevate their own privileges in the corporate accounting system, in violation of policy. What is the FIRST step to address this issue?

Answer options

• A. Notify the CISO of the security policy violation.
• B. Perform a system access review.
• C. Perform a full review of all system transactions over the past 90 days.
• D. Immediately suspend the executives’ access privileges.

Correct answer: D

Explanation

The correct answer is D because immediately suspending the executives' access privileges is critical to prevent further unauthorized actions. The other options, while important, are reactive measures that do not directly address the immediate risk presented by the executives' ability to elevate their privileges.