An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor’s NEXT step should be to:

December 17, 2021 by Admin

An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor’s NEXT step should be to:

  • recommend encryption of all sensitive data at rest
  • determine existing controls around sensitive data
  • recommend the implementation of data loss prevention (DLP) tools
  • inquire if there have been any data loss incidents

Leave a Reply