Certified Information Systems Auditor (CISA) — Question 3

Which of the following is the MOST important prerequisite for implementing a data loss prevention (DLP) tool?

Answer options

• A. Identifying where existing data resides and establishing a data classification matrix
• B. Requiring users to save files in secured folders instead of a company-wide shared drive
• C. Reviewing data transfer logs to determine historical patterns of data flow
• D. Developing a DLP policy and requiring signed acknowledgment by users

Correct answer: A

Explanation

The correct answer is A because understanding where data is located and how it is classified is essential for effectively implementing a DLP tool. Options B, C, and D, while important, are secondary to the need for a clear picture of existing data, which is foundational for any DLP strategy.