Certified in Risk and Information Systems Control (CRISC) — Question 1039

Sensitive data has been lost after an employee inadvertently removed a file from the premises, in violation of organizational policy. Which of the following controls
MOST likely failed?

Answer options

• A. Background checks
• B. Awareness training
• C. User access
• D. Policy management

Correct answer: C

Explanation

The correct answer is C, as user access controls should limit who can remove sensitive files from the premises. If the user access control was effective, the employee would not have been able to take the file, indicating a failure in this control. While background checks, awareness training, and policy management are important, they do not directly prevent the physical removal of data by authorized users.