Certified Information Systems Auditor (CISA) — Question 596

Which of the following is MOST important to consider when assessing the scope of privacy concerns for an IT project?

Answer options

• A. Business requirements and data flows
• B. Applicable laws and regulations
• C. Data ownership
• D. End user access rights

Correct answer: B

Explanation

The correct answer is B, as understanding the applicable laws and regulations is essential to ensure compliance and mitigate legal risks associated with privacy. While business requirements, data ownership, and end user access rights are also important, they do not have the same level of legal implications that can arise from failing to adhere to laws and regulations.