Certified in Risk and Information Systems Control (CRISC) — Question 1054

A risk practitioner notes that the number of unauthorized disclosures of confidential data has been increasing. Which of the following is MOST important to examine for determining the root cause?

Answer options

• A. The volume of data loss prevention (DLP) alerts
• B. Completeness of data classification schema
• C. Scope of security awareness training
• D. Updated regulations related to data protection

Correct answer: B

Explanation

The completeness of the data classification schema is crucial because an inadequate classification can lead to mismanagement of sensitive information, resulting in unauthorized disclosures. While DLP alerts, security training, and updated regulations are important, they do not directly address the foundational issue of how well data is classified and understood within the organization.