CompTIA CySA+ (CS0-001) — Question 170
A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.
Which of the following would be the BEST solution to recommend to the director?
Answer options
- A. Install a data loss prevention system, and train human resources employees on its use. Provide PII training to all employees at the company. Encrypt PII information.
- B. Enforce encryption on all emails sent within the company. Create a PII program and policy on how to handle data. Train all human resources employees.
- C. Train all employees. Encrypt data sent on the company network. Bring in privacy personnel to present a plan on how PII should be handled.
- D. Install specific equipment to create a human resources policy that protects PII data. Train company employees on how to handle PII data. Outsource all PII to another company. Send the human resources director to training for PII handling.
Correct answer: A
Explanation
The best solution is to install a data loss prevention system and train human resources employees on its use, while also providing PII training to all employees. This addresses both the technical and the human factors in data protection. The other options include some good practices, but none of them comprehensively addresses the need for both a preventive system and adequate staff training, which are critical for effective data security.