Certified Information Security Manager (CISM) — Question 69

What is the FIRST line of defense against criminal insider activities?

Answer options

• A. Signing security agreements by critical personnel
• B. Stringent and enforced access controls
• C. Validating the integrity of personnel
• D. Monitoring employee activities

Correct answer: C

Explanation

Validating the integrity of personnel is crucial as it helps in ensuring that individuals with access to sensitive information are trustworthy. While stringent access controls and monitoring are important, they are not the first line of defense, as they do not address the potential risks posed by insiders who may compromise security from within.