CompTIA CASP+ Exam: CAS-003 BIA for Acquisition | CISO Concerns

CISO Concerns for CRM Service Integration in an Acquisition

Question

While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services.

The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution.

With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)

Answers

A. Data remnants
B. Sovereignty
C. Compatible services
D. Storage encryption
E. Data migration
F. Chain of custody

Explanations

AD.

The Chief Information Security Officer (CISO) should be most concerned about the following two items:

A. Data remnants: When moving from one system to another, data remnants (data that was not completely deleted or cleaned up) may be left behind. This is a security risk, as sensitive information may still be accessible and vulnerable to unauthorized access. In this scenario, the IT integration team should ensure that all data remnants are properly deleted or sanitized before moving the data to the new in-house CRM system.

B. Sovereignty: Outsourcing CRM services to third-party cloud providers raises concerns about data sovereignty, which refers to the rights to and control over data. Different countries and jurisdictions have different laws and regulations governing data privacy, security, and protection. In this scenario, because the two companies outsource to competing and incompatible third-party cloud services, there may be conflicting data sovereignty issues. Therefore, the CISO should ensure that the new in-house CRM system complies with all applicable laws and regulations governing data sovereignty.

The other options are less relevant in this scenario:

C. Compatible services: The question states that the two companies outsource CRM services to competing and incompatible third-party cloud services, so compatibility is not an issue.

D. Storage encryption: While storage encryption is important, it is not specifically related to the scenario of bringing the CRM service in-house.

E. Data migration: Data migration is important, but it is a technical concern that is typically addressed by the IT integration team, not the CISO.

F. Chain of custody: Chain of custody is important for maintaining the integrity and authenticity of evidence in legal or forensic investigations, but it is not directly related to the scenario of bringing the CRM service in-house.