While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)
A. Data remnants
B. Sovereignty
C. Compatible services
D. Storage encryption
E. Data migration
F. Chain of custody
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Its A and E.
A) Data remnants is obvious bc youre dealing with two companies that are leaving their cloud service
E) Since this question is addressing the merger of two companies, and the companies completely migrating all outsourced data together on one site, data migration is a huge thing to be concerned about. Making sure it is migrated securely and properly, along with ensuring the migration destination stores all of the data in the same format. Some of these answer you guys put… lol
Sorry but I have to go with A and B. the core issue is sovereignty. Different countries have different cybersecurity laws and regulations. These need to be segregated and appropriate restrictions put into place. With Data Remnants, kinda the same concern. If you have remnants of one country exposed to another country, you may be violating two laws.
Whereas storage encryption is critical, law alway overshadows best practices.
the question doesn’t say anything about the companies or providers being in different countries.
please also take into consideration that availability is one of the information security aspects.
with this in mind, compatible services and data migration will pose risk to information availability.
AD
Agreed
IMHO both A, C, D and E are correct answers.
Question asks about the CISO concerns, so the concerns must the related to INFORMATION SECURITY.
Due to this, I would stick to A (Data remnants) and D (Storage encryption).
Truth is: those questions are poor elaborated, very open answers.
Tough question, but I would say A and D also.
C and E are focused more with the productivity of the business which the IT team as a whole should be managing with the decision to bring the CRM solution in house, not necessarily the utmost concern for the *keywords*: Security Officer.