Jan 21 • 🙋♂️ CISSP
Practice Question (Domain 1: Security and Risk Management)
You are a CISO for a multinational financial institution undergoing a merger with another large bank. The integration process requires sharing sensitive customer data between the two organizations. Both companies have different data governance policies, risk appetites, and security controls. The regulatory landscape is complex, involving multiple jurisdictions with varying data privacy laws. You need to establish a secure and compliant data sharing framework. Which of the following should be your FIRST priority?
A. Immediately implement a secure file transfer protocol to exchange the data and begin the integration process to meet the deadlines.
B. Conduct a comprehensive gap analysis of both organizations’ security controls, data governance policies, and legal requirements to identify discrepancies and compliance obligations.
C. Negotiate a data sharing agreement with the other bank outlining data ownership, usage restrictions, security responsibilities, and liability in case of a breach.
D. Implement data masking and anonymization techniques on the data before sharing it to minimize the risk of sensitive information disclosure.
5
12 comments
Practice Question (Domain 1: Security and Risk Management)
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+43
2
+31
3
+29
4
+24
5
+22
Powered by