An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider
MOST critical?
When reviewing processes for importing market price data from external data providers, the most critical issue is that the transfer protocol is not encrypted. Encryption is essential to ensure the confidentiality and integrity of the data being transferred. Without encryption, the data could be intercepted and potentially altered or misused, leading to significant risks. While data quality and other considerations are important, they become secondary if the data can be compromised during transfer.
You are importing data from an external market provider, which makes it an authentic source; data quality doesn't need to be monitored as it may only be one source. But the transfer protocol should be encrypted both for confidentiality and integrity. Authentication may not even be needed; maybe it's open to everyone. Answer is clearly D, in all cases you need encryption.
I will go with A. If the quality is already compromised, encryption of the protocol will not be of any help.
D is the correct answer.
The answer is D, not B, because data from external needs to be encrypted, not monitored.
It cannot be A. I am debating between B and D.
B. The transfer protocol does not require authentication.
I believe A is the right answer. Market price data is public information and not sensitive. Therefore, the quality of data is important.
B. The transfer protocol does not require authentication.
This is public data available to anyone, why do they need to be encrypted?
The answer is A. Market prices are not confidential information and need not be encrypted.
I think B might also be the correct answer. If the transport protocol does not require authentication, how can you be sure that the source of the data stream is correct?
I thought D is the answer. Am I wrong?
In practice, the answer should be A. A is related to the SLA with the vendor and therefore has a direct financial impact and legal impact if it is escalated to a dispute. For options B and D, the party bearing the risks and costs is actually the vendor, and hence for the auditor's client, the most concerning finding should be A.
The question remarks "MOST critical", so it has to be D) rather than A).
I thought A is the answer. Data quality is most important. There is no need for low quality data. If the data is of a quality appropriate for your business level, you must decide whether to encrypt it or not. This question is about the data brought in.
B FOR BRAVO
Too many assumptions to deduce from these CISA-esque questions.
The main consideration when relying on data from an external source is the authenticity of the source.
My answer is B.
Answer: B
Sorry, the correct answer is D.
This is a key concern because if data quality is not monitored, there is a high chance that inaccurate data will enter the system and negatively impact decision-making.
The most critical finding is that the transfer protocol does not require authentication. If the data import process lacks authentication, it opens the system to potential risks such as unauthorized access, data manipulation, or spoofed data submissions from untrusted sources. This compromises the integrity and authenticity of the imported market price data, which could have significant financial and operational consequences.
The auditor is reviewing the process of "importing market price data from external data providers"; if authentication is not in place, it will make the organisation import data from unauthorized sources, which is unnecessary and critical since it may get the wrong data. However, transfer of unencrypted data from authorised sources on the network is the most critical as it may compromise the confidentiality.
Without authentication, an attacker can impersonate a legitimate data provider and send manipulated market prices. If authentication is missing, an attacker on the network could intercept the data transfer and insert fraudulent data.
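The authentication control debated in this thread can be shown as an import-side check. This is an added example, not part of the original discussion or any commenter's post: it assumes the provider and the importer share an HMAC key out of band, all names, the key and the sample messages are constructed, and it covers sender authenticity and integrity only, not confidentiality.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Assumption: key agreed with the data provider out of band (constructed value).
SHARED_KEY = b"constructed-demo-key"


def sign(payload: bytes, key: bytes = SHARED_KEY) -> str:
    """Provider side: HMAC-SHA256 tag over the exact bytes that are sent."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def import_prices(payload: bytes, tag: Optional[str], key: bytes = SHARED_KEY) -> dict:
    """Importer side: parse the payload only after its tag has verified."""
    if tag is None:
        raise ValueError("rejected: message carries no authentication tag")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("rejected: tag mismatch (wrong sender or altered data)")
    return json.loads(payload)


def try_import(payload: bytes, tag: Optional[str]) -> Tuple[str, Optional[dict]]:
    """Return ("accepted", data) or (rejection reason, None)."""
    try:
        return "accepted", import_prices(payload, tag)
    except ValueError as exc:
        return str(exc), None


# Constructed sample messages.
GENUINE = json.dumps({"symbol": "XYZ", "price": 101.25}).encode()
GENUINE_TAG = sign(GENUINE)
# Same tag, price altered in transit.
TAMPERED = GENUINE.replace(b"101.25", b"10.125")
# Message signed by someone who does not hold the provider key.
FORGED = json.dumps({"symbol": "XYZ", "price": 1.0}).encode()
FORGED_TAG = sign(FORGED, b"not-the-provider-key")

if __name__ == "__main__":
    for name, payload, tag in [("genuine", GENUINE, GENUINE_TAG),
                               ("tampered", TAMPERED, GENUINE_TAG),
                               ("forged", FORGED, FORGED_TAG),
                               ("unsigned", GENUINE, None)]:
        print(name, "->", try_import(payload, tag)[0])
```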