An IS auditor is evaluating the security of an organization's data backup process, which includes the transmission of daily incremental backups to a dedicated offsite server.
Which of the following findings poses the GREATEST risk to the organization?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
As an IS auditor, evaluating the security of an organization's data backup process involves identifying any vulnerabilities or weaknesses in the backup process that could result in data loss or unauthorized access to sensitive information.
Out of the four findings listed, the one that poses the greatest risk to the organization is option A: Backup transmissions are not encrypted. This is because an attacker who intercepts the backup transmission could easily view or manipulate the data being transmitted, potentially leading to data breaches or other malicious activities.
Option B, backup transmissions occasionally fail, while not ideal, may not necessarily pose a significant risk if the organization has implemented appropriate measures to ensure backup data is still retrievable in the event of a failure.
Option C, data recovery testing conducted once per year, while not as frequent as ideal, still provides some level of assurance that backup data can be successfully restored in the event of a disaster or data loss event.
Option D, an incomplete archived data log, while potentially hindering an organization's ability to track changes or identify the source of any issues, is not likely to pose as great a risk as unencrypted backup transmissions.
Therefore, the lack of encryption for backup transmissions poses the greatest risk to the organization's data backup process.