ITIL · Question #533
Access management is responsible for implementing policies defined in which process?
The correct answer is B. Information security management. Access Management operationally implements the access control policies that are defined by Information Security Management.
Question
Access management is responsible for implementing policies defined in which process?
Options
- AService portfolio management
- BInformation security management
- CChange management
- DProblem management
How the community answered
(32 responses)- A3% (1)
- B94% (30)
- C3% (1)
Why each option
Access Management operationally implements the access control policies that are defined by Information Security Management.
Service Portfolio Management governs the service portfolio across the service lifecycle and does not define access control or security policies.
Information Security Management is responsible for defining the organization's overall security policies, including those governing who may access which services and data. Access Management then takes those policies and operationally enforces them by granting, modifying, and revoking user access rights. This division ensures that access controls remain consistent with the organization's broader security requirements and governance framework.
Change Management controls the lifecycle of changes to IT services and infrastructure, not the policies governing user access rights.
Problem Management focuses on identifying and eliminating root causes of incidents and does not define or own access control policies.
Concept tested: ITIL Access Management and Information Security Management relationship
Source: https://www.axelos.com/certifications/itil-service-management/itil-4-foundation
Topics
Community Discussion
No community discussion yet for this question.