Isaca Certified in Risk and Information Systems Control CRISC Question # 289 Topic 29 Discussion
An automobile manufacturer is considering implementing an Internet of Things (IoT) network to improve customer service by collecting customer and vehicle data. Which of the following would be the risk practitioner’s BEST recommendation?
A. Establish secure design and coding practices for the IoT network and devices
B. Conduct a pilot program before implementing the IoT network and devices
C. Ensure backward compatibility of IoT devices with previous generations of vehicles
D. Provide a range of IoT device options and configurations for customers
The greatest inherent risk in IoT adoption is the potential for vulnerabilities within device software and connectivity. The best way to reduce this risk is to implement secure-by-design and secure-coding practices from the outset.
CRISC guidance:
“For emerging technologies such as IoT, risk mitigation begins with embedding secure design, coding, and configuration practices throughout the development lifecycle.”
Pilot testing is beneficial but occurs later; secure design is foundational.
Hence, A is correct.
CRISC Reference: Domain 3 – Risk Response and Mitigation, Topic: Secure System Development and Emerging Technologies.