Exam CISM topic 1 question 755 discussion

Boomer is correct, it is A, I was talking about security staff.

Answer should be A. C is talking about only security staff. Access is a big security program area to handle. The employment and Hiring process is a good venue to provide birthright access to new hires.

A. When information security program requirements are aligned with employment and staffing processes, it ensures that access to systems and information is appropriately granted based on the specific roles and responsibilities of employees. This alignment helps to enforce the principle of least privilege, where individuals are only given access to the information and resources necessary for their job functions. While reducing security staff turnover (option C) could be a benefit, it is not the primary benefit. The key objective is to ensure that access controls are properly implemented and managed according to the tasks that employees are expected to perform, which directly supports the security of the organization.

A. Access is granted based on task requirements. Aligning information security program requirements with employment and staffing processes ensures that individuals are granted access to specific resources and information based on their job roles and responsibilities. This helps in ensuring that only authorized personnel have access to sensitive data and systems, reducing the risk of data breaches and unauthorized access. This aligns with the principle of least privilege, where individuals are granted access only to the resources necessary for their specific tasks.

A. Access is granted based on task requirements.

C. Security staff turnover is reduced - When information security program requirements are aligned with employment and staffing processes, it helps ensure that new hires have the necessary skills, knowledge, and qualifications for their security-related roles. This can reduce turnover and help maintain a stable and skilled security workforce.