Certified Information Systems Auditor (CISA) — Question 1277

An IS auditor performing an audit of backup procedures observes that backup tapes are picked up weekly and stored offsite at a third-party hosting facility. Which of the following recommendations would be the BEST way to protect the integrity of the data on the backup tapes?

Answer options

• A. Ensure that data is encrypted before leaving the facility.
• B. Confirm that data transfers are logged and recorded.
• C. Confirm that data is transported in locked tamper-evident containers.
• D. Ensure that the transport company obtains signatures for all shipments.

Correct answer: A

Explanation

The correct answer is A because encrypting the data before it leaves the facility ensures that even if the tapes are intercepted, the data remains secure and unreadable. Options B, C, and D offer important security measures but do not directly protect the data's integrity as effectively as encryption does.