Certified Information Systems Auditor (CISA) — Question 665

Which of the following is the BEST way to address potential data privacy concerns associated with inadvertent disclosure of machine identifier information contained within security logs?

Answer options

• A. Only collect logs from servers classified as business critical.
• B. Limit the use of logs to only those purposes for which they were collected.
• C. Limit log collection to only periods of increased security activity.
• D. Restrict the transfer of log files from host machine to online storage.

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of using logs strictly for their intended purposes, which mitigates privacy risks. The other options either do not address the core issue of data privacy or limit logging in ways that may not effectively prevent inadvertent disclosures.