Which of the following should be the PRIMARY focus for an information security manager when reviewing access controls for data stored in an off-premise cloud environment?
A. Reviewing and updating access controls in response to changes in organizational structure
B. Implementing strong password policies and enforcing regular password changes
C. Ensuring access is granted to only those individuals whose job functions require it
D. Implementing strong encryption protocols to protect sensitive data
The principle of least privilege—ensuring access is granted only to those whose job functions require it—is the primary control for securing data, especially in cloud environments.
“Access to information and systems should be based on the principles of least privilege and need to know, regardless of environment.”
— CISM Review Manual 15th Edition, Chapter 3: Information Security Program Development and Management, Section: Access Control Management
ISACA’s CISM practice questions consistently highlight this principle as central to effective cloud security.