Certified Information Privacy Technologist (CIPT) — Question 184

An organization has recently experienced a data breach where large amounts of personal data were compromised. As part of a post-incident review, the privacy technologist wants to analyze available data to understand what vulnerabilities may have contributed to the incident occurring. He learns that a key vulnerability had been flagged by the system but that detective controls were not operating effectively. Which type of web application security risk does this finding most likely point to?

Answer options

• A. Insecure Design
• B. Misconfiguration
• C. Vulnerable and Outdated Components
• D. Logging and Monitoring Failures

Correct answer: D

Explanation

The correct answer is D, as the issue revolves around the failure of logging and monitoring controls to detect the flagged vulnerability effectively. If these controls had been functioning properly, the organization could have responded to the threat before the data breach occurred. The other options do not directly relate to the failure of detective controls in this context.