Certified Chief Information Security Officer (CCISO) — Question 74

An organization recently acquired a Data Loss Prevention (DLP) solution, and two months after the implementation, it was found that sensitive data was posted to numerous Dark Web sites. The DLP application was checked, and there are no apparent malfunctions and no errors.
What is the MOST likely reason why the sensitive data was posted?

Answer options

• A. The DLP Solution was not integrated with mobile device anti-malware
• B. Data classification was not properly performed on the assets
• C. The sensitive data was not encrypted while at rest
• D. A risk assessment was not performed after purchasing the DLP solution

Correct answer: D

Explanation

The correct answer is D because failing to perform a risk assessment after acquiring the DLP solution can lead to undetected vulnerabilities. Options A, B, and C, while potentially relevant, do not address the immediate oversight of assessing risk factors associated with the DLP's capabilities and implementation.