An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider MOST critical?
A. The quality of the data is not monitored.
B. The transfer protocol does not require authentication.
You are importing data from an external market provider, which makes it an authentic source; data quality doesn't need to be monitored as it may only be one source. But the transfer protocol should be encrypted both for confidentiality and integrity. Authentication may not even be needed; maybe it's open to everyone. Answer is clearly D; in all cases you need encryption.
Without authentication, an attacker can impersonate a legitimate data provider and send manipulated market prices. If authentication is missing, an attacker on the network could intercept the data transfer and insert fraudulent data.
The most critical finding is that the transfer protocol does not require authentication. If the data import process lacks authentication, it opens the system to potential risks such as unauthorized access, data manipulation, or spoofed data submissions from untrusted sources. This compromises the integrity and authenticity of the imported market price data, which could have significant financial and operational consequences.
The auditor is reviewing the process of "importing market price data from external data providers". If authentication is not in place, it will make the organisation import data from unauthorized sources, which is unnecessary and critical since it may get the wrong data. However, transfer of unencrypted data from authorised sources on the network is the most critical as it may compromise the confidentiality.
This is a key concern because if data quality is not monitored, there is a high chance that inaccurate data will enter the system and negatively impact decision-making.
I thought A is the answer. Data quality is most important. There is no need for low quality data. If the data is of a quality appropriate for your business level, you must decide whether to encrypt it or not. This question is about the data brought in.
In practice, the answer should be A. A is related to the SLA with the vendor and therefore has a direct financial impact and legal impact if it is escalated to a dispute. For options B and D, the party bearing the risks and costs is actually the vendor, and hence for the auditor's client, the most concerning finding should be A.