Certified Information Systems Auditor (CISA) — Question 251

Which of the following risk scenarios is BEST addressed by implementing policies and procedures related to full disk encryption?

Answer options

• A. Data leakage as a result of employees leaving to work for competitors
• B. Physical theft of media on which information is stored
• C. Unauthorized logical access to information through an application interface
• D. Noncompliance fines related to storage of regulated information

Correct answer: B

Explanation

The correct answer is B because full disk encryption protects data at rest, making it inaccessible if physical media is stolen. Options A, C, and D are more related to data access and regulatory issues, which encryption alone does not directly address.