Certified in Risk and Information Systems Control (CRISC) — Question 1181

Which of the following BEST reduces the likelihood of employees unintentionally disclosing sensitive information to outside parties?

Answer options

• A. Regular employee security awareness training
• B. Anti-malware controls on endpoint devices
• C. Sensitive information classification and handling policies
• D. An egress intrusion detection system (IDS)

Correct answer: A

Explanation

Regular employee security awareness training is crucial as it educates staff on the importance of protecting sensitive information and the risks of unintentional disclosure. While anti-malware controls and an egress IDS offer security benefits, they do not directly address the human factor of information sharing. Classification and handling policies are important, but without proper training, employees may not fully understand or adhere to them.