Certified Information Privacy Technologist (CIPT) — Question 181

A BaaS provider backs up the corporate data and stores it in an outsider provider under contract with the organization. A researcher notifies the organization that he found unsecured data in the cloud. The organization looked into the issue and realized one of its backups was misconfigured on the outside provider's cloud and the data fully exposed to the open internet. They quickly secured the backup. Which is the best next step the organization should take?

Answer options

• A. Review the content of the data exposed
• B. Review its contract with the outside provider
• C. Investigate how the researcher discovered the unsecured data
• D. Investigate using alternate BaaS providers or on-premise backup systems

Correct answer: A

Explanation

The best next step is to review the content of the data exposed (Option A) to understand the potential implications of the breach. This is crucial for assessing the risk and determining any necessary actions to mitigate damages. Options B, C, and D may be relevant but do not directly address the immediate concern of understanding what sensitive information was compromised.