Certified Information Systems Security Professional (CISSP) — Question 473
An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?
Answer options
- A. Implement a user reporting policy.
- B. Implement a data encryption policy.
- C. Implement a user training policy.
- D. Implement a data classification policy.
Correct answer: D
Explanation
The correct answer is D: implementing a data classification policy helps to categorize data based on its sensitivity, ensuring that proper handling and access controls are applied. Options A, B, and C are useful but do not directly address the need to identify and manage the sensitivity of data to prevent unauthorized public release.