Certified Information Security Manager (CISM) — Question 652
Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?
Answer options
- A. Delegate the management of access permissions to an independent third party
- B. Review access permissions annually or whenever job responsibilities change
- C. Lock out accounts after a set number of unsuccessful login attempts
- D. Enable multi-factor authentication on user and admin accounts
Correct answer: B
Explanation
The correct answer is B because regularly reviewing access permissions ensures that they remain aligned with current job responsibilities and data classification needs. Option A is incorrect because delegating access management to a third party may reduce oversight. Option C is a control on login attempts and does not directly manage user access permissions. Option D strengthens authentication but does not address the management of access permissions.