CISA Certified Information Systems Auditor – Question0736

Following an unauthorized disclosure of data, an organization needs to implement data loss prevention (DLP) measures. The IS auditor’s BEST recommendation should be to:

A.
install DLP software on corporate servers to prevent recurrence.
B. monitor and block outgoing emails based on common DLP criteria.
C. restrict removable media access on all computer systems.
D. establish a risk and control framework.

Correct Answer: D