Certified Information Security Manager (CISM) — Question 783
An organization’s research department plans to apply machine learning algorithms to a large data set containing customer names and purchase history. The risk of data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?
Answer options
- A. Accept the risk, as the benefits exceed the potential consequences.
- B. Mitigate the risk by applying anonymization on the data set.
- C. Transfer the risk by purchasing insurance.
- D. Mitigate the risk by encrypting the customer names in the data set.
Correct answer: B
Explanation
The best approach in this scenario is to mitigate the risk by applying anonymization on the data set, as it helps to protect sensitive information from being linked back to individuals. While encrypting customer names (option D) is also a valid option, anonymization is often more effective in a machine learning context where the goal is to prevent identification. Accepting the risk (option A) and transferring it through insurance (option C) do not directly address the high impact of data leakage.