An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor's GREATEST concern?
A.
Mobile devices are not encrypted.
B.
Users are not required to sign updated acceptable use agreements.
C.
The business continuity plan (BCP) was not updated.
If the data is accessible on mobile devices then the policy of not storing the data on local HDD will be applicable on mobile devices as well. I think D should be the right answer as any changes in the system should be informed and users should be trained to the changes.
Key words in the question is - "save data to their local workstation hard drives". it doesnt cover mobile devices, so mobile devices must be encrypted to protect the data resides in it.
C. The business continuity plan (BCP) was not updated (Correct)
Moving to cloud storage significantly changes how data is accessed and recovered during a disaster or system outage.
If the BCP is not updated, the organization may not have a proper plan to restore access to critical documents in the event of a cloud service failure.
This poses a serious risk to business operations, making it the greatest concern.
Answer A doesn't make sense in this scenario. Because the scenario states that data cannot be stored locally (and a mobile device is a local device), it doesn't matter that the local storage is unencrypted in this regard. The subject is the cloud document storage solution, so we should concentrate on that when picking the correct answer. In this context (even though I don't like any of the choices), the only answer that makes sense is C.
A. Mobile devices are not encrypted: This is the greatest concern because unencrypted mobile devices pose a significant risk to data security. If these devices are lost or stolen, sensitive data stored on them could be easily accessed by unauthorized individuals, leading to potential data breaches.
Cloud storage is implemented in place of local storage to avoid such issues of lost or stolen devices, since the data is not being stored locally there is no issue of data being accessed from lost or stolen device. You are saying "sensitive data stored on them could be easily accessed by unauthorized individuals" sensitive data is not stored on the, it is on cloud. so this point doesn't seem logical.
Answer: D
While updating the BCP is essential for long-term resilience, addressing the lack of user training is more critical in the short term to mitigate immediate risks associated with the new system implementation. Therefore, the IS auditor's greatest concern would likely be the absence of user training.
While all the findings mentioned are important considerations for the organization's security and compliance posture, the lack of encryption on mobile devices poses the most significant risk. With the implementation of a cloud document storage solution and the removal of the ability for users to save data locally, there's a heightened reliance on mobile devices for accessing and storing data. If these devices are not encrypted, sensitive information stored on them could be at risk of unauthorized access or exposure in the event of loss or theft
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Zephaniah
Highly Voted 2 years, 11 months agoPraveen_1983
Most Recent 5 days, 12 hours agothanksbd
1 month, 2 weeks agoRisachi
2 months agoIFBBPROSALCEDO
5 months, 1 week agob2e27ac
7 months agoPumeza
9 months, 1 week agochadeeu
9 months, 2 weeks agoyadavji12381
7 months agoSibsankar
1 year agoa84n
1 year, 3 months ago5b56aae
1 year, 4 months agoSwallows
1 year, 4 months agochoboanon
11 months agoVima234
1 year, 5 months ago