Certified Information Systems Security Professional (CISSP) — Question 141

An organization is building an enterprise system using attribute-based access control (ABAC). To avoid inadvertent exposure, what should organizations do to ensure the proper handling of personally identifiable information (PII) and enforcement of PII regulations across the enterprise?

Answer options

• A. Employ trust agent.
• B. Employ trust agreements.
• C. Employ training program.
• D. Employ regulations from leadership.

Correct answer: C

Explanation

The correct answer is C, as a training program ensures that employees understand the importance of handling PII correctly and are aware of the relevant regulations. Options A and B do not directly address the educational needs of the staff regarding PII. Option D may provide guidelines but does not ensure that all employees are adequately trained on PII compliance.