Consensus here and with GPT is D because DETERMINATION would come from the business management side. Otherwise ENFORCEMENT, etc., would come from AIM, etc.
In practice, a collaborative approach that involves these parties working together is often the most effective way to determine access levels for an application processing client information. This approach helps strike a balance between business needs, security requirements, and regulatory compliance.
The order of implementation should be as follows: A>C>D>B
The other options are incorrect because:
B. The business client does not have the expertise or knowledge to assess the risks involved in determining access levels.
C. The information security team can provide input into the decision-making process, but they should not have the final say.
D. Business unit management is responsible for the overall business, but they should not be involved in the technical aspects of determining access levels.
It's nice to have your opinion, but what is the right answer? I mean, ISACA's response is the only one that matters.
I'm starting to think that this site is creating more confusion.
It's only creating confusion if you are trying to cheat your way to CISM. These discussions are absolutely invaluable because they are the closest thing to "learning in a group". People sharing their views and educated guesses.
Only those who are trying to braindump the exam are complaining. Cheaters shouldn't pass the exam anyway.
Business unit management (option D) should be responsible for determining access levels to an application that processes client information. Their understanding of the business context, ownership of outcomes, and contextual knowledge of the data make them best suited to make informed decisions about access rights within their respective business units.