Certified Information Systems Auditor (CISA) — Question 1288

Which of the following should be done FIRST to ensure that a data loss prevention (DLP) process is appropriately implemented?

Answer options

• A. Classify the data stored on its systems.
• B. Determine methods used to transmit data.
• C. Measure the volume of data stored.
• D. Identity the locations of the data on its systems.

Correct answer: A

Explanation

Classifying the data stored on the systems is crucial as it helps identify which data is sensitive and requires protection. The other options, while important, are secondary steps that depend on knowing what data needs to be safeguarded. Without proper classification, the implementation of DLP measures could be ineffective.