Certified Information Systems Auditor (CISA) — Question 400

During an IT operations audit, multiple unencrypted backup tapes containing sensitive credit card information cannot be found. Which of the following presents the
GREATEST risk to the organization?

Answer options

• A. Human resource cost of responding to the incident
• B. Business disruption if a data restore cannot be completed
• C. Reputational damage due to potential identity theft
• D. The cost of recreating the missing backup tapes

Correct answer: C

Explanation

The greatest risk is reputational damage due to potential identity theft, as it can lead to loss of customer trust and long-term financial harm. While the other options represent valid concerns, they do not carry the same immediate and lasting impact on the organization's reputation and customer relationships as identity theft does.