Question 471 of 500 from exam CRISC: Certified Risk and Information Systems Control

Question

An organization operates in a jurisdiction where heavy fines are imposed for leakage of customer data.

Which of the following provides the BEST input to assess the inherent risk impact?

Answers

Explanations

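A. Number of customer records held

B. Number of databases that host customer data

C. Number of encrypted customer databases

D. Number of staff members having access to customer data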

D.

When assessing the inherent risk impact in an organization operating in a jurisdiction where heavy fines are imposed for leakage of customer data, it is important to consider various factors that could contribute to the risk of such an event occurring.

Out of the options provided, the BEST input to assess the inherent risk impact would be the number of encrypted customer databases (option C).

Here's why:

A. Number of customer records held: While the number of customer records held could be a useful metric to consider, it doesn't necessarily provide insight into the level of risk associated with leakage of customer data. For example, a small organization that holds a relatively small number of customer records could still be at high risk if those records contain highly sensitive information.

B. Number of databases that host customer data: Similarly, the number of databases that host customer data doesn't necessarily provide insight into the level of risk associated with leakage of customer data. For example, an organization could have only one database that hosts customer data, but if that database is poorly secured, it could still be at high risk of a data breach.

C. Number of encrypted customer databases: The number of encrypted customer databases is a more useful metric to consider as it provides insight into the level of security that has been implemented to protect customer data. Encryption is a powerful tool for protecting data as it renders the data useless to anyone who doesn't have the encryption key. Therefore, the more encrypted customer databases an organization has, the lower the inherent risk of a data breach.

D. Number of staff members having access to customer data: The number of staff members having access to customer data is also an important consideration, but it doesn't necessarily provide insight into the level of risk associated with a data breach. For example, an organization could have only a few staff members who have access to customer data, but if those staff members are not properly trained in data security protocols, the risk of a data breach could still be high.

In conclusion, while all of the options provided could provide some insight into the inherent risk impact of a data breach, the number of encrypted customer databases (option C) is the BEST input to assess the inherent risk impact.