Certified Information Security Manager (CISM) — Question 91

Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:

Answer options

• A. escalate concerns for conflicting access rights to management.
• B. review access rights as the acquisition integration occurs.
• C. implement consistent access control standards.
• D. perform a risk assessment of the access rights.

Correct answer: D

Explanation

The correct answer is D because performing a risk assessment allows the information security manager to identify and evaluate potential vulnerabilities related to access rights during the integration process. Options A and B do not proactively mitigate risks, and option C, while important, does not address the immediate need for understanding existing risks associated with access rights.