ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 177 discussion

Actual exam question from Isaca's CISA
Question #: 177
Topic #: 1
[All CISA Questions]

An organization shares some of its customers' personally identifiable information (PII) with third-party suppliers for business purposes. What is MOST important for the IS auditor to evaluate to ensure that risk associated with leakage of privacy-related data during transmission is effectively managed?

  • A. Encrypting and masking of customer data
  • B. The third party's privacy and data security policies
  • C. Nondisclosure and indemnity agreements
  • D. Service and operational level agreements
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by nickchen at Jan. 3, 2023, 7:17 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Julia407b
Highly Voted 1 year, 2 months ago
Answer is A, because question is referring to 'during transmission of data'
upvoted 8 times
Feard
1 year ago
100 percent
upvoted 2 times
...
...
nickchen
Highly Voted 1 year, 6 months ago
B. The third party's privacy and data security policies The most important factor for the IS auditor to evaluate to ensure that risk associated with leakage of privacy-related data during transmission is effectively managed is the third party's privacy and data security policies. It is important for the organization to ensure that the third parties it shares customer data with have adequate safeguards in place to protect the data from unauthorized access or disclosure. The IS auditor should review the third party's policies and procedures to ensure that they are sufficient to protect the privacy of the organization's customers. Options A, C, and D may also be important to consider, but they are not as significant as the third party's privacy and data security policies
upvoted 6 times
Eric0223
1 year, 5 months ago
agreed, policy should be first then operation or process follow up. cant rely on those technology without clear busienss agreement.
upvoted 1 times
...
...
Baggio13
Most Recent 8 months, 1 week ago
Policies can be present but they do not guarantee us that data is encrypted so A si the answer
upvoted 2 times
...
testhongbrian
1 year, 3 months ago
no it is A
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel