CRISC Certified in Risk and Information Systems Control – Question527

An organization is implementing encryption for data at rest to reduce the risk associated with unauthorized access. Which of the following MUST be considered to assess the residual risk?

A.
Data destruction requirements
B. Cloud storage architecture
C. Data retention requirements
D. Key management

Correct Answer: D