nerdexam
PeopleCert

ITIL · Question #533

Access management is responsible for implementing policies defined in which process?

The correct answer is B. Information security management. Access Management operationally implements the access control policies that are defined by Information Security Management.

Processes

Question

Access management is responsible for implementing policies defined in which process?

Options

  • AService portfolio management
  • BInformation security management
  • CChange management
  • DProblem management

How the community answered

(32 responses)
  • A
    3% (1)
  • B
    94% (30)
  • C
    3% (1)

Why each option

Access Management operationally implements the access control policies that are defined by Information Security Management.

AService portfolio management

Service Portfolio Management governs the service portfolio across the service lifecycle and does not define access control or security policies.

BInformation security managementCorrect

Information Security Management is responsible for defining the organization's overall security policies, including those governing who may access which services and data. Access Management then takes those policies and operationally enforces them by granting, modifying, and revoking user access rights. This division ensures that access controls remain consistent with the organization's broader security requirements and governance framework.

CChange management

Change Management controls the lifecycle of changes to IT services and infrastructure, not the policies governing user access rights.

DProblem management

Problem Management focuses on identifying and eliminating root causes of incidents and does not define or own access control policies.

Concept tested: ITIL Access Management and Information Security Management relationship

Source: https://www.axelos.com/certifications/itil-service-management/itil-4-foundation

Topics

#access management#information security management#process interface#policies

Community Discussion

No community discussion yet for this question.

Full ITIL Practice