Exam CRISC topic 1 question 888 discussion

Actual exam question from Isaca's CRISC
Question #: 888
Topic #: 1

A highly regulated organization acquired a medical technology startup company that processes sensitive personal information with weak data protection controls.
Which of the following is the BEST way for the acquiring company to reduce its risk while still enabling the flexibility needed by the startup company?

  • A. Implement a firewall and isolate the environment from the parent company's network.
  • B. Classify and protect the data according to the parent company's internal standards.
  • C. Have the data privacy officer review the startup company's data protection policies.
  • D. Identify previous data breaches using the startup company's audit reports.
Suggested Answer: C

Comments

ARAMiS
Highly Voted 2 years, 4 months ago
The only answer that makes any sense is B
upvoted 5 times
MusMus
1 year, 10 months ago
Without having a look at the policies first? How they can be improved, but still keep the flexibility. Also, the parent company can be in a completely different sector, for example a military company acquired a medical technology company.
upvoted 1 times
faed87a
Most Recent 1 month, 3 weeks ago
Selected Answer: B
For C: since the question already highlights the weakness in data protection controls, simply reviewing the policies doesn’t directly mitigate the risk. I'm going with B.
upvoted 1 times
CbtL
7 months ago
Selected Answer: C
Agree with C. Without the stricture to "maintain flexibility" B would be my choice.
upvoted 1 times
Koulyo
7 months, 1 week ago
Going with B because the question is not about the first thing to do. Option C, having the data privacy officer review the startup company's data protection policies, is important but may not be sufficient to mitigate the risks associated with weak data protection controls.
upvoted 2 times
Broesweelies
7 months, 3 weeks ago
Selected Answer: B
B. Classify and protect the data according to the parent company's internal standards. By classifying and protecting the data according to the parent company's internal standards, the acquiring company can ensure that the sensitive personal information is handled in a manner consistent with the regulations and security requirements that the parent company is subject to. This approach allows for the necessary data protection while still enabling the startup to operate with some degree of flexibility.
upvoted 1 times
john_boogieman
9 months ago
Selected Answer: C
'A' doesn't make any sense. 'B' would be the most reasonable but it is the most rigid and does not answer the requirement for the newly created company. The policy review of the acquired company (which implies its adequacy) by the DPO is the 'least bad'.
upvoted 2 times
Suchib
11 months ago
Please note, the ask is about how to reduce the risk, not what to do first. Hence I will go with option A.
upvoted 1 times
Ceecil1959
1 year, 7 months ago
C is NOT the best answer as they already know about the weak data protection policy. D is therefore the closest correct answer as they first want to know if there were any data breaches with the weak data protection policy. Weak is a qualitative measure. There is no threshold with respect to the policy.
upvoted 1 times
Raj1510
1 year, 9 months ago
I think answer A makes more sense. Since two companies are merging, we already know about the weak controls in the other company, so until we bring the other company's control level up to the parent company's or to the regulatory requirement, we can isolate the other company and run it as an individual entity. Options C and B may be next steps; both will take time, and we cannot stop the other company's business until controls are in place.
upvoted 1 times
MusMus
1 year, 10 months ago
I think the answer is correct. It makes sense to start by reviewing the policy and then make an action plan.
upvoted 2 times
Stefan07
2 years, 6 months ago
D, I mean, not C
upvoted 2 times
MusMus
1 year, 10 months ago
I upvoted by mistake. How would identifying previous data breaches help reduce parent company risk?
upvoted 1 times
Stefan07
2 years, 6 months ago
Correct Answer is C
upvoted 1 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other