Isaca Certified in Risk and Information Systems Control CRISC Question # 257 Topic 26 Discussion
CRISC Exam Topic 26 Question 257 Discussion:
Question #: 257
Topic #: 26
An organization has granted a vendor access to its data in order to analyze customer behavior. Which of the following would be the MOST effective control to mitigate the risk of customer data leakage?
A.
Enforce criminal background checks.
B.
Mask customer data fields.
C.
Require vendor to sign a confidentiality agreement.
D.
Restrict access to customer data on a "need to know'' basis.
According to the Hierarchy of Controls, the most effective way to prevent and control hazards is to eliminate them or substitute them with safer alternatives. In this case, the hazard is the potential leakage of customer data by the vendor. Therefore, the most effective control would be to eliminate or substitute the customer data with masked or anonymized data fields. This would prevent the vendor from accessing or disclosing any sensitive or identifiable information about the customers. Masking customer data fields is an example of an engineering control, which reduces or prevents hazards from coming into contact with workers or third parties. References = Hierarchy of Controls, 5 Risk Control Measures In The Workplace
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit