The answer should be B. Based on GTAG Global Technology Audit Guide (GTAG®) 1 - Confidentiality includes privacy considerations. - Encryption services applied where confidentiality is a stated requirement Thus B is correct answer

It's B. Encryption exists to protect privacy.

I think it's C. I checked the Gleim textbook and IIA textbook, and it said a bunch about Access, nothing about Privacy. Plus, if you think about it, what risk does it address (as per the original question)? If someone gains access to something that they shouldn't have access to, encryption protects your data so that the hacker still can't see it. Therefore, it addresses an access risk. This COULD entail privacy to a certain extent, but that's specifically only pertaining to the confidentiality of PII, not an all-around extent of accessing anything and everything. Therefore, I think Access Risk makes more sense because it entails anything and everything to do with the risks of people gaining access to ANY data (whether it be PII or other things) but still not being able to do anything with their access because the data is encrypted.

Encryption of sensitive data can be an effective way for a business to reduce its data breach risks. Encryption can be a “safe harbour,” that can limit your exposure to breach notification laws when unauthorized individuals gain access to your data.

Encryption is related to the integrity of information so I thnink A is correct

A is correct