An organization recently decided to send the backup of its customer relationship management (CRM) system to its cloud provider for recovery. Which of the following should be of GREATEST concern to an IS auditor reviewing this process?
A. Testing of restore data has not been performed.
B. Validation of backup data has not been performed.
C. Backups are sent and stored in unencrypted format.
D. The cloud provider is located in a different country.
Encrypting backups is essential to ensure that the data remains confidential, especially when it is transmitted or stored in an external environment such as a cloud service provider. Without encryption, the data may be exposed to unauthorized access or theft during transmission or storage. Additionally, lack of encryption may violate regulatory requirements or the organization's security policies. Therefore, an IS auditor must ensure that backups are encrypted using strong encryption algorithms, and the encryption keys are securely managed.
Validation of backup data refers to the process of verifying the integrity, completeness, and accuracy of the backup data before sending it to the cloud provider. Validation is necessary to ensure that the backup data is not corrupt, missing, or inconsistent, which may result in a failed restore or data loss. However, while important, it is not the GREATEST concern as the validation process can be performed before sending the backup to the cloud provider.
https://www.linkedin.com/advice/3/what-security-privacy-risks-backing-up-your-crm-data#:~:text=To%20prevent%20data%20breaches%2C%20you,any%20suspicious%20or%20anomalous%20behavior.
What are the security and privacy risks of backing up your CRM data in the cloud?
Data breaches: One of the most serious risks of backing up your CRM data in the cloud is data breaches, which can expose your sensitive customer information to unauthorized parties, such as hackers, competitors, or regulators. Data breaches can result from various factors, such as weak passwords, phishing attacks, misconfigured settings, or insider threats. To prevent data breaches, you need to encrypt your CRM data both in transit and at rest, use strong authentication and authorization mechanisms, and monitor your cloud activity for any suspicious or anomalous behavior.
C is the biggest concern; the company is sending data in plain text and storing it in plain text. Huge security risk. D talks about storage in a different country, but did not specify the regulation surrounding that. I feel C is the right answer.
Sending and storing backups in unencrypted format is the greatest concern because it exposes the organization's sensitive data to potential unauthorized access and data breaches. Encrypting the data before sending and storing it at the cloud provider's location adds an extra layer of security and helps protect the confidentiality of the data.
upvoted 3 times
jsbig1211 (2 months, 2 weeks ago)
Ray81 (11 months, 2 weeks ago)
3008 (1 year, 1 month ago)
3008 (1 year, 1 month ago)
Mark_1 (1 year, 2 months ago)
007Georgeo (1 year, 2 months ago)
botherder88 (1 year, 5 months ago)
anshuti (1 year, 5 months ago)
Eric0223 (1 year, 5 months ago)
SBD600 (1 year, 2 months ago)