Certified in Risk and Information Systems Control (CRISC) — Question 806

An organization is concerned that its employees may be unintentionally disclosing data through the use of social media sites. Which of the following will MOST effectively mitigate this risk?

Answer options

• A. Conducting user awareness training
• B. Requiring employee agreement of the acceptable use policy
• C. Establishing a data classification policy
• D. Requiring the use of virtual private networks (VPNs)

Correct answer: A

Explanation

Conducting user awareness training is the most effective way to mitigate the risk of unintentional data disclosure through social media, as it directly educates employees about the potential dangers and best practices. While requiring agreement to an acceptable use policy, establishing a data classification policy, and using VPNs are important measures, they do not directly address the issue of employee behavior in relation to social media usage.