Choice "C" is correct. The information officer needs to know about position promotions, demotions or lateral moves. From a productivity standpoint, it is important to have procedures in place to address promotions, lateral moves, or demotions within the company. If job/roles change and access doesn't, the employee may not be able to perform new job functions since unrevised access rights associated may no longer be appropriate.
Also, if access needed for a previous position is not removed, a single individual could have access to incompatible areas of the system, thus compromising segregation of duties.Choice "a" is incorrect. Human Resources is generally the authoritative source on official changes in position or employment status. Coordination of employee status with IT allows for more effective limitation of employee access.
Choice "b" is incorrect. The Information Security Officer will not be involved in all user accounts but may have increased involvement depending on the level and scope of access granted.
Choice "d" is incorrect. User accounts are often the first target of a hacker who has gained access to an organization's network.
