Certified in Risk and Information Systems Control (CRISC) — Question 299

An organization is considering allowing users to access company data from their personal devices. Which of the following is the MOST important factor when assessing the risk?

Answer options

• A. Classification of the data
• B. Type of device
• C. Remote management capabilities
• D. Volume of data

Correct answer: A

Explanation

The classification of the data is crucial because it determines the sensitivity and security requirements for that information. If sensitive data is accessed on personal devices, it increases the risk of data breaches. The other options, while relevant, do not carry the same weight in assessing the potential impact of unauthorized access to classified information.