Certified Chief Information Security Officer (CCISO) — Question 63
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses personally identifiable information (PII) as part of its business models and processes?
Answer options
- A. Need to comply with breach disclosure laws
- B. Fiduciary responsibility to safeguard credit information
- C. Need to transfer the risk associated with hosting PII data
- D. Need to better understand the risk associated with using PII data
Correct answer: D
Explanation
The correct answer is D because a formal risk management process exists first of all to identify, analyze and understand the risks that handling PII introduces; every later decision about the data depends on that understanding. Options A, B, and C are important considerations, but each of them is a response to risk rather than the reason for assessing it: breach disclosure obligations, fiduciary duties and risk transfer (for example through contracts or insurance) can only be addressed sensibly once the organization comprehends the risks involved in handling sensitive information.