Terri has recently been assigned to the information security team as a risk assessment analyst. As she goes through the files (on paper and in the company's cloud-based information systems) that the company already has, she realizes that they are inconsistent in format and hard to use to perform analysis, and that there are no controls over who in the company can access these files. Does any of this present an information security concern?
Choose all that apply.
A. Yes, because the lack of controls on access and use suggests that data integrity is lacking or cannot be assessed.
B. Yes, because the data in these files could represent significant vulnerabilities of company systems, and its inadvertent or deliberate disclosure could be very damaging to the company.
C. No, because the company would have chosen a cloud systems provider that fully protects any unauthorized persons or outsiders from accessing any company data.
D. Yes, because conflicting formats and content might make much of the data unusable for analysis and decision making without a lot of effort, impacting whether that data can support decision making in a timely manner.