Certified in the Governance of Enterprise IT (CGEIT) — Question 251
To minimize the potential mishandling of customer personal information in a system located in a country with strict privacy regulations, which of the following is the BEST action to take?
Answer options
- A. Establish new IT key risk indicators (KRIs).
- B. Revise the IT strategic plan.
- C. Implement data loss prevention (DLP).
- D. Update the information architecture.
Correct answer: C
Explanation
Implementing data loss prevention (DLP) is the best action because it directly addresses the risk of data breaches and ensures compliance with privacy regulations. Establishing new IT key risk indicators (KRIs), revising the IT strategic plan, and updating the information architecture do not provide the same level of immediate protection against the mishandling of sensitive customer information.