Which of the following is the MOST reliable way for an IS auditor to evaluate the operational effectiveness of an organization’s data loss prevention (DLP) controls?
A. Verify that confidential files cannot be transmitted to a personal USB device.
B. Conduct interviews to identify possible data protection vulnerabilities.
C. Review data classification levels based on industry best practice.
D. Verify that current DLP software is installed on all computer systems.
A. Verify that confidential files cannot be transmitted to a personal USB device.
B. Conduct interviews to identify possible data protection vulnerabilities.
C. Review data classification levels based on industry best practice.
D. Verify that current DLP software is installed on all computer systems.