A risk practitioner recently discovered that sensitive data from the production environment is required for testing purposes in non-production environments. Which of the following is the BEST recommendation to address this situation?
A. Mask data before being transferred to the test environment.
B. Implement equivalent security in the test environment.
C. Enable data encryption in the test environment.
D. Prevent the use of production data for test purposes.
A. Mask data before being transferred to the test environment.
The best recommendation in this situation is to mask sensitive data before transferring it to the test environment. Data masking involves replacing sensitive information with realistic but fictional data that cannot be used to identify individuals or reveal confidential information. This approach allows for effective testing while safeguarding sensitive production data.
Option B, "Implement equivalent security in the test environment," can be challenging and expensive, as replicating the exact security measures of the production environment in the test environment can be complex and may not fully eliminate the risk of data exposure during testing.
Option C, "Enable data encryption in the test environment," is important for securing data in transit, but it doesn't necessarily protect the data at rest in the test environment or ensure that the data used for testing doesn't expose sensitive information.
Option D, "Prevent the use of production data for test purposes," might be ideal from a security perspective, but it's often not practical, as testing with realistic data is essential for quality assurance and system validation. Masking the data allows for effective testing while maintaining data privacy and security.
Mask or tokenize the data. I go with A. It’s prudent not to share production data with developers, nor to provide them with production security level. Need-to-know basis.
Going with B. A "feels" like the ISACA answer, however dealing with a real life security standard for years that requires B causes me to choose B. The confusion is coming from Suchib's question, "if you need it can you mask it?".
As in another similar question rectified, it is best to: mask the data before transferring it to the test environment.
Masking data involves replacing sensitive information with realistic but fictitious data that can be used for testing purposes. By masking the data, the organization can ensure that sensitive information is not exposed in non-production environments, reducing the risk of unauthorized access, data breaches, and other security incidents.
Keep it simple. If the data is necessary in the test environment, at least apply the same security measures as production (why are you going to mask if maybe in production there are not these measures?).
I am going with using equivalent security measures. The question is saying you need to use Prod Data in the Test environment (if you didn't have to, then of course you wouldn't use it in the test environment). Not to mention most places require you to get an Interim Authorization to Test (IATT), and this is approved by the AO; it requires a test plan and how you intend on protecting that data.
First choice is not to use it, but if required, data masking is the best possible solution. Generally the testing environment does not have all the security controls that are present in production, so I support answer A.
You can't mask them as those data are required for testing purposes...