An internal audit report reveals that not all IT application databases have encryption in place. Which of the following information would be MOST important for assessing the risk impact?
A. The reason some databases have not been encrypted.
B. A list of unencrypted databases which contain sensitive data.
C. The cost required to enforce encryption.
D. The number of users who can access sensitive data.
So if you ask IT why the database is not encrypted and they say because we don't have enough licenses for the encryption software... how can you determine the impact using this piece of information? To assess the impact you should know the sensitive data that is not encrypted, so the answer is B.
B. A list of unencrypted databases which contain sensitive data.
When assessing the risk impact of not having encryption in place for IT application databases, the most important information would be to identify which databases contain sensitive data and are currently unencrypted. This information helps in understanding the scope and magnitude of the risk. Knowing which specific databases are affected allows for more targeted risk assessment and risk management efforts. It's crucial to focus on databases that store sensitive information as they pose a higher risk if not properly protected.
When assessing the risk impact of the lack of encryption in IT application databases, the most important information to consider would be the sensitivity and confidentiality of the data stored in those databases.
It's B; the root cause has no relation with impact. For any incident, the impact is to be derived first. Root cause is required to identify the resolution or risk treatment.
Not all databases have encryption. And that may also mean that not all those DBs have sensitive data for them to be encrypted. Most important for assessing the impact is knowing the reason why all were not encrypted.
So you are saying that if an application database has non-sensitive data or public data, then it should be encrypted? So understanding why it is not encrypted makes sense. The keyword is "most". Remember it's ISACA's way of thinking, not yours.