Certified Chief Information Security Officer (CCISO) — Question 154
Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights.
Which of the following would be the MOST concerning?
Answer options
- A. Failure to notify police of an attempted intrusion
- B. Lack of reporting of a successful denial-of-service attack on the network
- C. Lack of periodic examination of access rights
- D. Lack of notification to the public of disclosure of confidential information
Correct answer: D
Explanation
The correct answer is D because failing to notify the public about the disclosure of confidential information can lead to significant legal and reputational consequences for an organization. While the other options, such as not reporting an attack or not examining access rights, are concerning, they do not pose as immediate and severe a risk to the public and the organization's credibility.