Certified Information Systems Auditor (CISA) — Question 505

Which type of attack poses the GREATEST risk to an organization's most sensitive data?

Answer options

• A. Spear phishing attack
• B. Insider attack
• C. Password attack
• D. Eavesdropping attack

Correct answer: B

Explanation

The correct answer is B, as insider attacks come from individuals within the organization who have access to sensitive data and can exploit it more easily than external threats. While spear phishing, password attacks, and eavesdropping can compromise data, they often require external access and are typically less damaging than someone with legitimate access exploiting their position.