Isaca Certified in Risk and Information Systems Control CRISC Question # 523 Topic 53 Discussion
CRISC Exam Topic 53 Question 523 Discussion:
Question #: 523
Topic #: 53
Which of the following should be the PRIMARY consideration when assessing the risk of using Internet of Things (loT) devices to collect and process personally identifiable information (PII)?
Local laws and regulations should be the primary consideration when assessing the risk of using IoT devices to collect and process PII, because they define the legal obligations and liabilities of the organization and the individuals involved. Non-compliance with local laws and regulations can result in fines, lawsuits, reputational damage, and loss of trust. Therefore, it is essential to understand and adhere to the applicable laws and regulations in the jurisdictions where the IoT devices operate and where the PII is stored, processed, and transferred.
References
•Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks
•The Internet of Things (IoT) and Digitally Stored PII: Avoidable or Inevitable?
•Security Issues in IoT: Challenges and Countermeasures
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit