With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information?
A. Human resources
B. Financial
C. Sales
D. Legal counsel
I’m thinking it’s D, since it’s specifically talking about the control and reporting requirements.
C. Sales
Sensitive and proprietary customer information, all these data seem to be owned by sales. So, if they own it, they will be responsible for controls.
From CASP’s official book: Data ownership implies that the owner is ultimately responsible for that data. Those responsibilities may include labeling the data (e.g., determining who should have access to the data), ensuring the data is subject to the appropriate security controls (e.g., backup processes), and selecting custodians who will carry out these actions.
While in Financial they could own some sensitive banking info (credit cards, invoices, address) about customers?
Tricky one, I would still head for Legal for the data retention policy.