CISA Exam - Question 1199

Auditing access to data assets, an organization can monitor and review who has access to sensitive data, when, and for what purposes. This helps in identifying and mitigating potential security risks, ensuring compliance with data protection regulations, and detecting unauthorized access or misuse of sensitive information. Correct answer is A

Within a data classification policy, the most important process to define is the disposing of data assets (C). Data classification policies categorize data based on its level of sensitivity and the impact to the organization if it were disclosed, altered, or destroyed. The disposal of data is critical because sensitive data requires secure deletion methods to ensure that it cannot be recovered or accessed after disposal. Failure to properly dispose of sensitive data can lead to data breaches and non-compliance with regulations, leading to significant legal and financial repercussions.

This process involves monitoring and reviewing who has access to various data assets, ensuring that access is appropriate based on the classification of the data. It's crucial for maintaining the confidentiality, integrity, and availability of sensitive information. Without proper auditing procedures, unauthorized access to sensitive data could go undetected, leading to potential data breaches or misuse.

A. is my choice. Auditing data access concerns the entire life cycle. The risk is comparatively smaller when it comes to disposal. Not all data is a risk at the end of its life cycle.