CAS-001 · Question #501
CAS-001 Question #501: Real Exam Question with Answer & Explanation
The correct answer is D: Improper handling of customer data, loss of intellectual property and reputation damage. When outsourcing functions that include customer data processing and software development to a third party, the most critical risks involve data mishandling, intellectual property theft, and resulting reputation damage.
Question
Options
- AGeographical regulation issues, loss of intellectual property and interoperability agreement issues
- BImproper handling of client data, interoperability agreement issues and regulatory issues
- CCultural differences, increased cost of doing business and divestiture issues
- DImproper handling of customer data, loss of intellectual property and reputation damage
Explanation
When outsourcing functions that include customer data processing and software development to a third party, the most critical risks involve data mishandling, intellectual property theft, and resulting reputation damage.
Common mistakes.
- A. Interoperability agreement issues are an operational concern but are less critical than IP loss or customer data exposure given the functions being outsourced.
- B. While improper client data handling and regulatory issues are valid, interoperability agreement issues replace the more severe risk of intellectual property loss that is directly threatened by outsourcing development functions.
- C. Cultural differences and divestiture issues are business concerns, not the primary security or risk management risks the CRO would be focused on in this context.
Concept tested. Outsourcing risk identification - data, IP, reputation
Reference. https://www.isaca.org/resources/isaca-journal/issues/2016/volume-3/managing-risk-in-outsourcing
Community Discussion
No community discussion yet for this question.