Certified Information Systems Auditor (CISA) — Question 1177

An organization is implementing a data loss prevention (DLP) system in response to a new regulatory requirement. Reviewing which of the following would be MOST helpful in evaluating the system’s design?

Answer options

• A. System manuals
• B. Enterprise architecture (EA)
• C. Historical record of data breaches
• D. Industry trends

Correct answer: B

Explanation

Evaluating the Enterprise Architecture (EA) provides a comprehensive view of the organization's systems and processes, which is crucial for designing an effective DLP system. While system manuals and historical data breaches offer useful information, they do not provide the holistic perspective that EA delivers. Industry trends can inform practices but do not specifically address the organization's existing structure and needs.