Certified Information Security Manager (CISM) — Question 321
A business unit handles sensitive personally identifiable information (PII), which presents a significant financial liability to the organization should a breach occur.
Which of the following is the BEST way to mitigate the risk to the organization?
Answer options
- A. Implementing audit logging on systems
- B. Including indemnification in customer contracts
- C. Contracting the process to a third party
- D. Purchasing insurance
Correct answer: A
Explanation
Implementing audit logging on systems is the best option because it provides a way to monitor access to and changes of sensitive data, allowing quicker detection of and response to potential breaches. While indemnification clauses in contracts, outsourcing the process to a third party, and purchasing insurance can help transfer or share the financial risk, they do not directly address the security and monitoring of the sensitive data itself in the way audit logging does.