Certified Information Security Manager (CISM) — Question 418
An organization recently purchased data loss prevention (DLP) software but soon discovered the software fails to detect or prevent data loss.
Which of the following should the information security manager do FIRST?
Answer options
- A. Revise the data classification policy.
- B. Review the contract.
- C. Review the configuration
- D. Implement stricter data loss controls.
Correct answer: C
Explanation
The first step should be to check the configuration of the DLP software to ensure it is set up correctly to perform its intended functions. Revising the data classification policy, reviewing the contract, or implementing stricter controls may be necessary later, but if the software isn't configured correctly, it won't work regardless of those changes.