Isaca Certified in Risk and Information Systems Control CRISC Question # 152 Topic 16 Discussion
CRISC Exam Topic 16 Question 152 Discussion:
Question #: 152
Topic #: 16
A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?
A.
Implement a tool to create and distribute violation reports
B.
Raise awareness of encryption requirements for sensitive data.
C.
Block unencrypted outgoing emails which contain sensitive data.
D.
Implement a progressive disciplinary process for email violations.
According to the CRISC Review Manual (Digital Version), the most effective approach to mitigate the risk associated with data loss due to users sending sensitive information by email without using encryption is to block unencrypted outgoing emails which contain sensitive data. This is an example of a risk avoidance strategy, which aims to eliminate the risk by removing the source of the risk or the activity that causes the risk. Blocking unencrypted outgoing emails which contain sensitive data can prevent unauthorized access, disclosure, modification or destruction of the sensitive information, and thus protect the confidentiality, integrity and availability of the data. This approach can also deter users from violating the encryption policy and enforce compliance with the security standards and regulations.
References = CRISC Review Manual (Digital Version), Chapter 3: IT Risk Response, Section 3.3: Risk Response Options, pp. 167-1681
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit