An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor’s NEXT step should be to:
A. recommend encryption of all sensitive data at rest
B. determine existing controls around sensitive data
C. recommend the implementation of data loss prevention (DLP) tools
D. inquire if there have been any data loss incidents
A. recommend encryption of all sensitive data at rest
B. determine existing controls around sensitive data
C. recommend the implementation of data loss prevention (DLP) tools
D. inquire if there have been any data loss incidents