The most beneficial stage of the system development life cycle (SDLC) to consider data privacy principles is D: Requirements definition. This is because data privacy principles should be integrated into the design and development of customer-facing IT applications from the very beginning, not as an afterthought or a retrofit1. By considering data privacy principles in the requirements definition stage, the developers can identify the personal data that will be collected, processed, stored, and shared by the application, and ensure that they comply with the relevant laws and regulations, such as the General Data Protection Regulation (GDPR)2. They can also apply the principles of data minimization, purpose limitation, transparency, consent, and security to protect the privacy rights and interests of the customers3.

Section: Protection of Information Assets
Explanation
Explanation:
Calculating cryptographic hashes for wireless communications allows the device receiving the communications to verify that the received communications have not been altered in transit. This prevents masquerading and message modification attacks. Device authentication and data origin authentication is not the correct answer since authenticating wireless endpoints to each other prevents man-in-the-middle attacks and masquerading. Wireless iDS/lPSs is not the correct answer since wireless IDS/lPS shave the ability to detect misconfigured devices and rogue devices, and detect and possibly stop certain types of attacks. Packet headers and trailers alone do not ensure that the content has not been altered.

Explanation/Reference:
Explanation:
Honeypots, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques.

The best recommendation for an IS auditor who finds that one employee has unauthorized access to confidential data is to require the business owner to conduct regular access reviews. Access reviews are periodic assessments of user access rights and permissions to ensure that they are appropriate, necessary, and aligned with the business needs and objectives. Access reviews help to identify and remediate any unauthorized, excessive, or obsolete access that could pose a security risk or violate compliance requirements.
The business owner is responsible for defining and approving the access requirements for their data and ensuring that they are enforced and monitored. References:
* CISA Review Manual (Digital Version)
* CISA Questions, Answers & Explanations Database