Certified in Risk and Information Systems Control (CRISC) — Question 1419
A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?
Answer options
- A. Implement a tool to create and distribute violation reports
- B. Block unencrypted outgoing emails which contain sensitive data
- C. Implement a progressive disciplinary process for email violations
- D. Raise awareness of encryption requirements for sensitive data
Correct answer: D
Explanation
The correct answer, D, is effective because raising awareness ensures that users understand the importance of encryption, thereby promoting better practices. While option B may seem effective, blocking emails could hinder communication and may not address the root cause. Options A and C focus on reporting and punishment, which do not directly educate users on the importance of encryption.