PrepAway - Latest Free Exam Questions & Answers

Which of the following controls would be MOST appropria…

A chief information officer (CIO) is concerned about PII contained in the organization’s various data warehouse platforms. Since not all of the PII transferred to the organization is required for proper operation of the data warehouse application, the CIO requests the needed PII data be parsed and securely discarded. Which of the following controls would be MOST appropriate in this scenario?

A. Execution of PII data identification assessments

B. Implementation of data sanitization routines

C. Encryption of data-at-rest

D. Introduction of education programs and awareness training

E. Creation of policies and procedures

One Comment on “Which of the following controls would be MOST appropria…

  1. Super_Mario says:

    Another poorly formed question.
    We have some PII (Personally Identifiable Information) which is not required for proper operation.
    So some PII is needed (must be kept) and some is not needed (can be discarded).
    Yet the question is saying that we are to parse and securely discard the data we actually need?
    Am I reading this correctly? Should it not be the other way around?
    Unless I am parsing and discarding important data after consumption, yet I am still keeping hold of unimportant PII?
    Whichever way, in this scenario I must (a) Keep some PII and (b) discard others. And it is assumed that we already know which one is which.
    So from the onset this eliminates:
    A. Execution of PII data identification assessments
    C. Encryption of data-at-rest
    D. Introduction of education programs and awareness training. This does not deal with the question at hand altogether.

    So we have two options. It is either B or E
    B. Implementation of data sanitization routines
    E. Creation of policies and procedures. To my mind, this also does not deal with the question at hand altogether.

    So the best option to my mind is to have a regime where data is sanitized as a part of a constant routine.

    So I stick with: B. Implementation of data sanitization routines



