Certified in Risk and Information Systems Control (CRISC) — Question 878

An information security manager has advocated for the purchase of a data loss prevention (DLP) system to reduce the impact of a potential data breach. Which of the following is the BEST way for the risk practitioner to support this recommendation?

Answer options

• A. Map the DLP system to existing risk scenarios
• B. Assign an IT owner for the DLP system
• C. Quantify the costs of the risk mitigation effort
• D. Determine the likelihood of potential loss

Correct answer: A

Explanation

Mapping the DLP system to existing risk scenarios provides a clear understanding of how the system addresses specific threats, making it the most effective support for the recommendation. The other options, while useful, do not directly link the DLP system to the specific risks it aims to mitigate, which is essential for justifying its purchase.