Certified Information Systems Auditor (CISA) — Question 57

Which of the following is the MOST effective way for an organization to protect against data loss?

Answer options

• A. Conduct periodic security awareness training.
• B. Limit employee Internet access.
• C. Review firewall logs for anomalies.
• D. Implement data classification procedures.

Correct answer: D

Explanation

Implementing data classification procedures is the most effective way to protect against data loss because it allows organizations to identify and properly handle sensitive information. The other options, while beneficial for security, do not directly address the classification and management of data, making them less effective in preventing data loss.