CISA Certified Information Systems Auditor – Question1213

A recent audit concluded that an organization’s information security system was weak and that monitoring would likely fail to detect penetration. Which of the following would be the MOST appropriate recommendation?

A.
Look continually for new criminal behavior and attacks on sensitive data
B. Establish a clear policy related to security and the handling of sensitive data
C. Encrypt sensitive data while strengthening the system
D. Identify and periodically remove sensitive data that is no longer needed

Correct Answer: C