Certified in Risk and Information Systems Control (CRISC) — Question 518
Which of the following is the BEST way to mitigate the risk of inappropriate access to personally identifiable information (PII) by third-party cloud service personnel?
Answer options
- A. Utilize data encryption standards throughout the information life cycle
- B. Ensure security clearance is in place within the third-party hiring process
- C. Choose a third-party provider in a jurisdiction with few privacy regulations
- D. Include data security requirements in the service level agreement (SLA)
Correct answer: A
Explanation
The correct answer, A, relies on data encryption, which protects PII from unauthorized access throughout its life cycle. Option B, while important, does not protect the data itself. Option C could expose PII to greater risk because of weaker regulations. Option D is beneficial but relies on compliance rather than proactive data protection measures.