Certified Information Systems Security Professional (CISSP) — Question 329

What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?

Answer options

• A. Policy creation
• B. Information Rights Management (IRM)
• C. Data classification
• D. Configuration management (CM)

Correct answer: C

Explanation

The first step in a Data Loss Prevention program is Data classification, as it involves identifying and categorizing sensitive information before implementing any policies or technologies. While Policy creation, Information Rights Management, and Configuration management are important, they rely on having a clear understanding of the data that needs protection.