
IAPP CIPM Exam - Topic 9 Question 43 Discussion

Actual exam question for IAPP's CIPM exam
Question #: 43
Topic #: 9

A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?

Suggested Answer: D

The first step to mitigate further risks when a systems audit uncovers a shared drive folder containing sensitive employee data with no access controls is to restrict access to the folder. This can be done by implementing appropriate access controls, such as user authentication, role-based access, and permissions, to ensure that only authorized individuals can view and access the sensitive data.


https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1492158151.pdf

https://www.itgovernance.co.uk/blog/5-reasons-why-employees-dont-report-data-breaches/

https://www.ncsc.gov.uk/guidance/report-cyber-incident

Jonell
4 months ago
Yeah, restricting access should be the top priority here!
upvoted 0 times
...
Vivan
4 months ago
Checking access logs seems like a waste of time now.
upvoted 0 times
...
Lettie
4 months ago
Wait, how did they not have access controls in place?
upvoted 0 times
...
Whitney
4 months ago
I think notifying legal counsel is also super important.
upvoted 0 times
...
Heike
5 months ago
Definitely need to restrict access to the folder first!
upvoted 0 times
...
Jonelle
5 months ago
I practiced a similar question, and I think restricting access is definitely the right move to mitigate risks quickly.
upvoted 0 times
...
Aliza
5 months ago
I feel like notifying legal counsel is crucial too, but maybe that comes after addressing the access issue?
upvoted 0 times
...
Cristy
5 months ago
I'm not entirely sure, but I remember something about checking access logs being important for understanding the extent of the breach.
upvoted 0 times
...
Tonette
5 months ago
I think the first step should be to restrict access to the folder. It seems like the most immediate way to prevent further exposure.
upvoted 0 times
...
Stephania
5 months ago
Piece of cake! I've got this. I'll just use the citation tools in Word to get the job done.
upvoted 0 times
...
Sharee
5 months ago
I'm a little confused by the differences between these budget types. I know a rolling budget is updated regularly, but I'm not sure if that's the same as adjusting for growth and inflation on an annual basis. I'll have to review my notes to be sure.
upvoted 0 times
...
Jackie
5 months ago
I think RAID-1 is the way to go here. Disk mirroring is the key requirement, and RAID-1 provides that fault tolerance.
upvoted 0 times
...
Yoko
5 months ago
I've got a strategy - I'll start by identifying the two policy actions that are most directly related to the balance of payments, like devaluation and tariffs. Then I'll evaluate the other options to see if any of them could also be effective.
upvoted 0 times
...
Barbra
5 months ago
Ah, I think I see it now. The key is to configure the OSPF process without changing the interfaces. That should get the neighbor relationship established.
upvoted 0 times
...
