Certified Information Systems Auditor (CISA) — Question 83
Following the implementation of a data loss prevention (DLP) tool, administrators have been overwhelmed with a high number of false positives. Which of the following is the BEST way to address this issue?
Answer options
- A. Enable monitoring-only mode to permit further tuning of the solution.
- B. Educate staff about the risks of sharing sensitive information outside the organization.
- C. Amend policy rules to match approved and unapproved business information pathways.
- D. Ensure the latest signature files are present and configure regular updates.
Correct answer: C
Explanation
The best approach is to amend policy rules to align with approved and unapproved business information pathways, as this directly addresses the root cause of the false positives. Enabling monitoring-only mode (A) does not solve the problem but merely postpones it, while educating staff (B) and keeping signature files up to date (D) do not specifically target the misclassification issue.