According to IIA guidance, when performing a compliance audit of data security standards for a large e-commerce retailer, which of the following would represent the least likely area of risk exposure?
A. Operational risks
✅ Relevant
Include process failures, system outages, or human error affecting data confidentiality, integrity, or availability.
Very important in online retail where 24/7 uptime is critical.
B. Change or configuration risks
✅ Highly relevant
Misconfigured systems or unauthorized changes can create vulnerabilities or violate security standards like PCI DSS.
This is a common source of data breaches.
C. Access risks
✅ Critical
Unauthorized or excessive access to systems or databases is a major data security risk.
Identity and access management (IAM) is often a focal point in data security audits.
D. Physical security risks
🚫 Least likely
While still important (e.g., server room access), this is less critical in e-commerce, where infrastructure may be hosted in cloud environments or managed by third parties.
Physical access to servers is often separated from logical/data access in modern IT setups.