When establishing new integrations with a vendor, which of the following is an IS auditor's BEST recommendation to management concerning data security?
A.
Data interchange requests should require authentication and authorization checks.
B.
Management should ensure data being shared is aligned with the acceptable use policy.
C.
Batch processing should be utilized during business hours to minimize disruptions.
D.
Transaction logs should be monitored for completeness and accuracy.
When establishing new vendor integrations, ensuring authentication and authorization checks for data interchange requests is the most critical security control to prevent unauthorized access, data breaches, or tampering during transmission.
CISA Review Manual (Chapter 7: Information Systems Operations) states: "All data exchanges with external parties must enforce strict identity verification (authentication) and role-based access controls (authorization) to ensure only approved entities can initiate or receive data transfers". "Authentication mechanisms such as API keys, mutual TLS, or OAuth 2.0 ensure that the vendor is legitimate, while authorization checks validate their permissions for specific data types".
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
46080f2
3 days, 22 hours ago