ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your organization plans to allow a newly acquired analytics platform to pull sensitive customer data directly from your production database via an API-to-API connection. Which risk should you highlight as most critical during the pedigree and provenance review of this interconnection scenario?

Open-source components in the platform might have licenses incompatible with yours.
The third-party environment may be less secure, creating a new attack vector into the production database.
The real-time data exchange could increase network latency and slow analytics processing.
Differences in data serialization formats could require additional transformation logic.

Report Issue

Answer Description

The most critical risk is that the analytics platform could provide an additional attack path into the production database if its own security posture is weaker than the organization's. When systems are directly interconnected, a compromise of the third-party system can be leveraged to reach internal assets, leading to data breaches or manipulation. While the other concerns-data format mismatch, license incompatibility, and performance overhead-may cause operational or legal issues, they do not pose as immediate or severe a threat to the confidentiality and integrity of sensitive customer data as an expanded attack surface created by a less-secure partner system.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.