An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor’s NEXT step should be to:

An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor’s NEXT step should be to:
A . recommend encryption of all sensitive data at rest
B . determine existing controls around sensitive data
C . recommend the implementation of data loss prevention (DLP) tools
D . inquire if there have been any data loss incidents

View Answer

Answer: B