A review of an organization's controls has determined its data loss prevention (DLP) system is currently failing to detect outgoing emails containing credit card data. Which of the following would be MOST impacted?
Sorry, 'B', reason:
Residual risk is the level of risk that remains after controls have been implemented to mitigate inherent risk. In this case, the failure of the DLP system to detect outgoing emails containing credit card data would mean that the residual risk of credit card data leakage would be higher than anticipated, as the control (the DLP system) is not working as intended.
Without compensating controls, the organization's risk exposure to data loss through outgoing emails containing credit card data would be higher than if compensating controls were in place. Therefore, the inherent risk would be higher in this scenario. The residual risk would depend on the effectiveness of the action plan to address the control deficiency and any compensating controls that are implemented.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
CbtL
9 months, 3 weeks agojohn_boogieman
10 months, 4 weeks agojohn_boogieman
10 months, 4 weeks ago