Certified Information Systems Auditor (CISA) — Question 763
Which of the following is the BEST way for an organization that is using a Software as a Service (SaaS) application to reduce its risk associated with the collection and protection of personal information?
Answer options
- A. Limit the amount of personal information collected to industry standards.
- B. Encrypt personal information held by the organization.
- C. Limit the amount of personal information collected to the minimum required.
- D. Only allow remote access to personal information from an alternate site.
Correct answer: C
Explanation
The best way to reduce risk is to collect only the personal information that is necessary (option C), which reduces the potential exposure of sensitive data. Encrypting data (option B) helps protect it but does not address the amount of data collected, making it less effective as a risk reduction strategy.