Certified Information Systems Auditor (CISA) — Question 710

An organization is considering using production data for testing a new application’s functionality. Which of the following data protection techniques would BEST ensure that personal data cannot be inadvertently recovered in test environments while also reducing the need for strict confidentiality of the data?

Answer options

• A. Data normalization
• B. Data encryption
• C. Data minimization
• D. Data anonymization

Correct answer: D

Explanation

Data anonymization is the best choice as it removes personal identifiers from the data, making it impossible to trace back to individuals while still allowing for testing. In contrast, data normalization focuses on organizing data rather than protecting it, data encryption secures data but does not prevent recovery, and data minimization reduces data volume but does not ensure anonymity.