CRISC Question #260: Real Exam Question with Answer & Explanation

The correct answer is A: Secure encryption protocols are utilized.

Submitted by tom_us · Apr 18, 2026 · Risk Response and Reporting

Question

An organization plans to implement a new Software as a Service (SaaS) speech-to-text solution. Which of the following is MOST important to mitigate risk associated with data privacy?

Options

  • A. Secure encryption protocols are utilized.
  • B. Multi-factor authentication is set up for users.
  • C. The solution architecture is approved by IT.
  • D. A risk transfer clause is included in the contract.

Explanation

To mitigate data privacy risk with a new SaaS speech-to-text solution, ensuring the utilization of secure encryption protocols is paramount. This protects sensitive voice data both in transit to the service and at rest within the provider's infrastructure, preventing unauthorized access and maintaining confidentiality.

Common mistakes.

  • B. Multi-factor authentication (MFA) is crucial for securing user access to the solution but does not directly protect the underlying data itself from unauthorized access or processing by the cloud provider or during transmission.
  • C. Solution architecture approval by IT is a general governance step for technical alignment but doesn't specifically address data privacy controls like encryption.
  • D. A risk transfer clause in a contract shifts financial liability but does not technically mitigate the actual risk of data privacy breach or prevent the privacy incident from occurring.

Concept tested. SaaS data privacy, encryption for data protection

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview

Topics

#SaaS security #Data privacy #Encryption #Risk mitigation
