Certified in Risk and Information Systems Control (CRISC) — Question 1401

In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:

Answer options

• A. encryption for data at rest
• B. encryption for data in motion
• C. two-factor authentication
• D. continuous data backup controls

Correct answer: D

Explanation

Implementing continuous data backup controls ensures that data can be restored after a ransomware attack, minimizing downtime and data loss. While encryption for data at rest and in motion, as well as two-factor authentication, enhance security, they do not directly address recovery from a ransomware incident as effectively as backups do.