Certified Information Security Manager (CISM) — Question 629

Implementing the principle of least privilege PRIMARILY requires the identification of:

Answer options

• A. job duties.
• B. primary risk factors.
• C. authentication controls.
• D. data owners.

Correct answer: A

Explanation

The correct answer is A because understanding job duties is crucial for assigning the appropriate level of access to individuals, ensuring they only have permissions necessary for their roles. The other options, while important in security, do not directly address the core requirement of identifying access needs based on specific job functions.