Certified Information Systems Auditor (CISA) — Question 681

An IS auditor is evaluating the security of an organization's data backup process, which includes the transmission of daily incremental backups to a public cloud provider. Which of the following findings poses the GREATEST risk to the organization?

Answer options

• A. Backup transmissions occasionally fail.
• B. The archived data log is incomplete.
• C. Backup transmissions are not encrypted.
• D. Data recovery testing is conducted quarterly.

Correct answer: C

Explanation

The correct answer is C because unencrypted backup transmissions expose sensitive data to potential interception during transmission. While options A and B indicate issues that could affect reliability, they do not directly compromise data security. Option D, although relevant, indicates a regular testing schedule that does not represent a significant risk compared to the lack of encryption.