A company uses a third-party AI service to summarize internal incident reports for executives. Reports include sensitive employee and investigation details. The vendor states data may be retained temporarily to improve model performance. Legal and HR raise concerns, but leadership values insight speed.
What is the MOST appropriate action to take FIRST?
A. Encrypt all reports before submission to the AI service
B. Perform a data classification and usage review for the AI workflow
C. Require the vendor to sign stricter confidentiality clauses
D. Limit AI access to only closed incident reports