Exam CISA topic 1 question 1421 discussion

This is c. You have to have clear disposal procedures and policies. You would not dispose of a piece of paper with a doodle on it the way you would dispose of proprietary information. You don’t just say oh this all goes in the same trash bin. No you would either shred or burn the proprietary information so it is not ever useable again. It’s c people.

A. is my choice. Auditing data access concerns the entire life cycle. The risk is comparatively smaller when it comes to disposal. Not all data is a risk at the end of its life cycle.

This process involves monitoring and reviewing who has access to various data assets, ensuring that access is appropriate based on the classification of the data. It's crucial for maintaining the confidentiality, integrity, and availability of sensitive information. Without proper auditing procedures, unauthorized access to sensitive data could go undetected, leading to potential data breaches or misuse.

Within a data classification policy, the most important process to define is the disposing of data assets (C). Data classification policies categorize data based on its level of sensitivity and the impact to the organization if it were disclosed, altered, or destroyed. The disposal of data is critical because sensitive data requires secure deletion methods to ensure that it cannot be recovered or accessed after disposal. Failure to properly dispose of sensitive data can lead to data breaches and non-compliance with regulations, leading to significant legal and financial repercussions.

Auditing access to data assets, an organization can monitor and review who has access to sensitive data, when, and for what purposes. This helps in identifying and mitigating potential security risks, ensuring compliance with data protection regulations, and detecting unauthorized access or misuse of sensitive information. Correct answer is A