Examice

Exam CISA All QuestionsBrowse all questions from this exam

Question 276

A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?

Identifying data security threats in the affected jurisdiction

Reviewing data classification procedures associated with the affected jurisdiction

Identifying business processes associated with personal data exchange with the affected jurisdiction

Developing an inventory of all business entities that exchange personal data with the affected jurisdiction

Correct Answer: C

To determine the organization's level of exposure to the new regulation prohibiting cross-border transfer of personal data, it is most helpful to identify business processes associated with personal data exchange with the affected jurisdiction. By understanding these processes, an IS auditor can assess how the regulation impacts the organization’s operations and pinpoint areas that require immediate attention or compliance measures. This assessment ensures a targeted and effective response to the regulation.

Discussion

oldmagicOption: C

C is the correct answer for me. You have to identify the business process before you can identify the entities

007GeorgeoOption: C

C for sure

saado9Option: C

C. Identifying business processes associated with personal data exchange with the affected jurisdiction

3008Option: C

c is answer

3008

SORRY , C IS NOT ANSWER

analuisamoreiraOption: C

Question is about "most helpful", in my opinion is more important to understand the business impact, although it's is important to have an inventory. I think D would come first, but C is more relevant.

Yejide03Option: C

Identifying business processes

blues_leeOption: C

C is the correct answer for me.

3008Option: D

the most helpful in making an assessment of the organization's level of exposure to the new regulation. However, the IS auditor may need to undertake additional activities such as reviewing data classification procedures and identifying data security threats to provide a comprehensive assessment.

3008

Option C - Identifying business processes associated with personal data exchange with the affected jurisdiction This option involves identifying business processes that involve the exchange of personal data with the affected jurisdiction. It is an important activity as it provides insight into the organization's exposure to the new regulation. By identifying these processes, the IS auditor can assess the potential impact of the new regulation on the organization's operations. Option D - Developing an inventory of all business entities that exchange personal data with the affected jurisdiction This option involves creating a list of all business entities that exchange personal data with the affected jurisdiction. This option is the most helpful in assessing the organization's level of exposure to the new regulation as it provides a comprehensive overview of all the organization's operations that are impacted. The IS auditor can use this list to identify critical business processes and prioritize the organization's compliance efforts.

echo_cert

C is correct, sorry. It's not the responsibility of an Auditor to develop an inventory. Auditors review, identify, observe etc. But not perform an operational task.