Certified in Risk and Information Systems Control (CRISC) — Question 390
Due to budget constraints, an organization cannot implement encryption to all databases. Which of the following is the MOST useful information to identify high- risk databases where encryption should be applied?
Answer options
- A. Business impact assessment (BIA)
- B. Unsupported database list
- C. Penetration test results
- D. Data classification scheme
Correct answer: D
Explanation
The Data classification scheme is crucial as it categorizes data based on sensitivity and risk, helping prioritize which databases need encryption. While the Business impact assessment (BIA) and penetration test results provide valuable insights, they do not specifically target data sensitivity as effectively as the classification scheme. The unsupported database list is relevant for compliance but does not directly indicate risk levels for encryption needs.