Certified Information Security Manager (CISM) — Question 565

Which of the following would be MOST helpful when determining appropriate access controls for an application?

Answer options

• A. Industry best practices
• B. Gap analysis results
• C. End-user input
• D. Data criticality

Correct answer: D

Explanation

The correct answer is D, as understanding the criticality of the data helps prioritize access controls based on the sensitivity and importance of the information. While industry best practices, gap analysis, and end-user input are also important, they do not directly inform the level of access that should be granted based on data impact.