Certified in Risk and Information Systems Control (CRISC) — Question 175

Before implementing instant messaging within an organization using a public solution, which of the following should be in place to mitigate data leakage risk?

Answer options

• A. An access control list
• B. An acceptable usage policy
• C. An intrusion detection system (IDS)
• D. A data extraction tool

Correct answer: B

Explanation

An acceptable usage policy outlines the appropriate use of instant messaging and helps educate employees about data security, making it essential for mitigating risks of data leakage. While an access control list, intrusion detection system, and data extraction tool may provide security measures, they do not directly address user behavior regarding data handling in communication.