Certified Information Systems Auditor (CISA) — Question 122

An organization shares some of its customers' personally identifiable information (PII) with third-party suppliers for business purposes. What is MOST important for the IS auditor to evaluate to ensure that risk associated with leakage of privacy-related data during transmission is effectively managed?

Answer options

• A. Encrypting and masking of customer data
• B. The third party's privacy and data security policies
• C. Nondisclosure and indemnity agreements
• D. Service and operational level agreements

Correct answer: A

Explanation

The correct answer is A because encrypting and masking customer data directly protects the PII during transmission, reducing the risk of data leakage. While the third party's privacy policies, nondisclosure agreements, and service agreements are important, they do not provide the same level of immediate protection for the data itself as encryption and masking do.