An organization recently decided to send the backup of its customer relationship management (CRM) system to its cloud provider for recovery. Which of the following should be of GREATEST concern to an IS auditor reviewing this process?
Backups being sent and stored in an unencrypted format is the greatest concern because it represents a significant security risk. Without encryption, anyone intercepting the transmission or accessing the stored backups could potentially read the sensitive data, leading to unauthorized access or data breaches. Encrypting the data before sending and storing it at the cloud provider's location provides an essential layer of security to protect the confidentiality and integrity of the organization's data.
Encrypting backups is essential to ensure that the data remains confidential, especially when it is transmitted or stored in an external environment such as a cloud service provider. Without encryption, the data may be exposed to unauthorized access or theft during transmission or storage. Additionally, lack of encryption may violate regulatory requirements or the organization's security policies. Therefore, an IS auditor must ensure that backups are encrypted using strong encryption algorithms, and the encryption keys are securely managed.
Validation of backup data refers to the process of verifying the integrity, completeness, and accuracy of the backup data before sending it to the cloud provider. Validation is necessary to ensure that the backup data is not corrupt, missing, or inconsistent, which may result in a failed restore or data loss. However, while important, it is not the GREATEST concern as the validation process can be performed before sending the backup to the cloud provider.
Lack of data encryption is of greater concern.
C is the biggest concern; the company is sending data in plain text and storing it in plain text. Huge security risk. D talks about storage in a different country, but did not specify regulation surrounding that. I feel C is the right answer.
D for me. Laws and regulations are a big concern.
Why not D? Is regulation not as critical as the others?
Sending and storing backups in unencrypted format is the greatest concern because it exposes the organization's sensitive data to potential unauthorized access and data breaches. Encrypting the data before sending and storing it at the cloud provider's location adds an extra layer of security and helps protect the confidentiality of the data.
I checked another exam website and found the answer is B. Validation of backup data has not been performed.
https://www.linkedin.com/advice/3/what-security-privacy-risks-backing-up-your-crm-data#:~:text=To%20prevent%20data%20breaches%2C%20you,any%20suspicious%20or%20anomalous%20behavior. What are the security and privacy risks of backing up your CRM data in the cloud? Data breaches: One of the most serious risks of backing up your CRM data in the cloud is data breaches, which can expose your sensitive customer information to unauthorized parties, such as hackers, competitors, or regulators. Data breaches can result from various factors, such as weak passwords, phishing attacks, misconfigured settings, or insider threats. To prevent data breaches, you need to encrypt your CRM data both in transit and at rest, use strong authentication and authorization mechanisms, and monitor your cloud activity for any suspicious or anomalous behavior.
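* Because logs of errors and of successful backups are recorded while the backup runs, separate validation is also important, but data encryption carries the greater weight and comes first.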