Certified Information Security Manager (CISM) — Question 851
When remote access is granted to a company's internal network, the MOST important consideration should be that access is provided:
Answer options
- A. by the use of a remote access server.
- B. if a robust IT infrastructure exists.
- C. subject to legal and regulatory requirements.
- D. on a need-to-know basis subject to controls.
Correct answer: D
Explanation
The most crucial aspect of granting remote access is ensuring that it is granted on a need-to-know basis, with controls in place to protect sensitive information. Limiting access in this way minimizes the risk of unauthorized access. The other options, while important, do not prioritize the security measures necessary for protecting the internal network.