During an IS audit, it is discovered that data classification rules are often ignored by programmers developing in-house software. Which of the following recommendations would BEST mitigate the risk in this situation?
A.
Revise the organization's data classification policy.
B.
Require application owners to classify data used by programmers.
C.
Ensure code reviews include data classification checks.
D.
Prevent programmers from accessing sensitive data during development.
By incorporating data classification checks into code reviews, the organization can systematically assess whether programmers are adhering to data classification rules while developing in-house software. This proactive approach ensures that any violations or deviations from the data classification policy can be identified and addressed promptly. Additionally, it helps reinforce the importance of data classification compliance among the development team, fostering a culture of accountability and adherence to security protocols.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Swallows
1 month, 2 weeks ago