CRISC Certified in Risk and Information Systems Control – Question819

An internal audit report reveals that not all IT application databases have encryption in place. Which of the following information would be MOST important for assessing the risk impact?

A.
The reason some databases have not been encrypted.
B. A list of unencrypted databases which contain sensitive data.
C. The cost required to enforce encryption.
D. The number of users who can access sensitive data.

Correct Answer: A