オンライン小売業者から靴を購入した後、顧客は、その小売業者および同様の製品を提供する他の小売業者から追加の未承諾のオファーを受け取り続けました.
次のうち、売り手が示したコントロールの弱点として最も可能性が高いのはどれですか?
正解:D
The situation describes a scenario where a customer's personal information was shared with third parties without explicit consent, leading to unsolicited offers. This indicates a control weakness in data privacy and confidentiality, specifically the undue disclosure of information to external parties.
* (A) Incorrect - Excessive collecting of information.
* While collecting too much personal data can be a privacy concern, the issue here is not about data collection but how the data was shared.
* (B) Incorrect - Application of social engineering.
* Social engineering refers to deceptive tactics used to manipulate individuals into disclosing confidential information, which is not the case here.
* (C) Incorrect - Retention of incomplete information.
* The issue is not about missing or incomplete data but rather unauthorized sharing of data.
* (D) Correct - Undue disclosure of information.
* The retailer improperly shared the customer's personal data with other businesses, leading to unsolicited offers.
* This represents a failure to comply with data privacy regulations (e.g., GDPR, CCPA).
* IIA's GTAG (Global Technology Audit Guide) - Data Privacy Risks and Controls
* Highlights the risks associated with unauthorized data sharing.
* NIST Cybersecurity Framework - Data Protection and Privacy
* Emphasizes the importance of controlling access to customer information.
* COSO's ERM Framework - Information Governance and Compliance
* Discusses the importance of data protection policies to prevent undue disclosure Analysis of Answer Choices:IIA References and Internal Auditing Standards: