Certified Information Systems Auditor (CISA) — Question 112

Which of the following management decisions presents the GREATEST risk associated with data leakage?

Answer options

• A. Staff is allowed to work remotely.
• B. There is no requirement for desktops to be encrypted.
• C. Security awareness training is not provided to staff.
• D. Security policies have not been updates in the past year.

Correct answer: B

Explanation

The correct answer is B because unencrypted desktops can easily lead to unauthorized access and data breaches. While remote work (A), lack of training (C), and outdated policies (D) also contribute to risks, the absence of encryption directly exposes sensitive data to leakage more than the others.