An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor's GREATEST concern?
A.
Mobile devices are not encrypted.
B.
Users are not required to sign updated acceptable use agreements.
C.
The business continuity plan (BCP) was not updated.
C. The business continuity plan (BCP) was not updated (Correct)
Moving to cloud storage significantly changes how data is accessed and recovered during a disaster or system outage.
If the BCP is not updated, the organization may not have a proper plan to restore access to critical documents in the event of a cloud service failure.
This poses a serious risk to business operations, making it the greatest concern.
Answer A doesn't make sense in this scenario. Because the scenario states that data cannot be stored locally (and a mobile device is a local device), it doesn't matter that the local storage is unencrypted in this regard. The subject is the cloud document storage solution, so we should concentrate on that when picking the correct answer. In this context (even though I don't like any of the choices), the only answer that makes sense is C.
A. Mobile devices are not encrypted: This is the greatest concern because unencrypted mobile devices pose a significant risk to data security. If these devices are lost or stolen, sensitive data stored on them could be easily accessed by unauthorized individuals, leading to potential data breaches.
Cloud storage is implemented in place of local storage to avoid such issues of lost or stolen devices, since the data is not being stored locally there is no issue of data being accessed from lost or stolen device. You are saying "sensitive data stored on them could be easily accessed by unauthorized individuals" sensitive data is not stored on the, it is on cloud. so this point doesn't seem logical.
Answer: D
While updating the BCP is essential for long-term resilience, addressing the lack of user training is more critical in the short term to mitigate immediate risks associated with the new system implementation. Therefore, the IS auditor's greatest concern would likely be the absence of user training.
While all the findings mentioned are important considerations for the organization's security and compliance posture, the lack of encryption on mobile devices poses the most significant risk. With the implementation of a cloud document storage solution and the removal of the ability for users to save data locally, there's a heightened reliance on mobile devices for accessing and storing data. If these devices are not encrypted, sensitive information stored on them could be at risk of unauthorized access or exposure in the event of loss or theft
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Zephaniah
Highly Voted 2 years, 9 months agoIFBBPROSALCEDO
Most Recent 3 months agob2e27ac
4 months, 3 weeks agoPumeza
7 months agochadeeu
7 months, 1 week agoyadavji12381
4 months, 3 weeks agoSibsankar
10 months agoa84n
1 year, 1 month ago5b56aae
1 year, 1 month agoSwallows
1 year, 2 months agochoboanon
8 months, 3 weeks agoVima234
1 year, 3 months ago