Certified Information Security Manager (CISM) — Question 1226
An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?
Answer options
- A. Data loss prevention (DLP)
- B. Data retention strategy
- C. Data encryption standards
- D. Data masking
Correct answer: A
Explanation
Data loss prevention (DLP) is crucial because it focuses on preventing sensitive data from being lost, misused, or accessed by unauthorized users, which is essential in a multi-repository environment. While data retention strategies, encryption standards, and data masking are significant, they serve as secondary measures that do not directly prevent data loss as effectively as DLP.