Which of the following is the BEST source of information for an IS auditor to use as a baseline to assess the adequacy of an organization's privacy policy?
A. Globally accepted privacy best practices
B. Historical privacy breaches and related root causes
While globally accepted privacy best practices, historical privacy breaches and related root causes, and benchmark studies of similar organizations can provide valuable insights and guidance, they may not fully reflect the specific legal requirements and standards that apply to the organization in its local context.
Local privacy standards and regulations provide specific legal requirements and guidelines that organizations must adhere to regarding the handling, processing, and protection of personal data. These standards often outline the necessary elements and principles that a privacy policy should address, ensuring compliance with applicable laws and regulations. Therefore, they serve as a foundational reference point for evaluating the adequacy of an organization's privacy policy, as they provide the legal framework within which the organization operates regarding privacy matters. While globally accepted privacy best practices, historical breaches, and benchmark studies can offer valuable insights, local privacy standards and regulations are the most direct and authoritative source for assessing privacy policy adequacy in a particular jurisdiction.
Local privacy standards and regulations provide specific legal requirements and guidelines that organizations must adhere to regarding the protection of sensitive information.
Globally accepted practices can be used to supplement, not replace, local privacy standards and regulations.
Globally accepted privacy best practices: Globally accepted privacy best practices can provide a comprehensive framework for assessing the adequacy of an organization's privacy policy. Best practices can be based on widely accepted standards and frameworks, such as ISO 27701 or the NIST Privacy Framework, and can cover a broad range of privacy risks and requirements. By using globally accepted best practices as a baseline, an IS auditor can ensure that the organization's privacy policy is aligned with current privacy trends and expectations.
Local privacy standards and regulations: Local privacy standards and regulations can provide a good starting point for assessing an organization's privacy policy. However, they may not cover all the privacy risks and requirements that are relevant to the organization. Additionally, privacy regulations can vary by jurisdiction, so an IS auditor may need to consider multiple sets of standards and regulations depending on the organization's location and business activities.
Community vote distribution: A (35%), C (25%), B (20%), Other
Commenters and posting times:
Changwha (Highly Voted, 1 year, 5 months ago)
MJORGER (Most Recent, 8 months, 3 weeks ago)
KAP2HURUF (10 months ago)
ChaBum (9 months, 3 weeks ago)
dan08 (10 months, 1 week ago)
3008 (1 year, 4 months ago)
3008 (1 year, 4 months ago)