CISA Certified Information Systems Auditor – Question1975

Which of the following is the MOST reliable way for an IS auditor to evaluate the operational effectiveness of an organization’s data loss prevention (DLP) controls?

A.
Verify that confidential files cannot be transmitted to a personal USB device.
B. Conduct interviews to identify possible data protection vulnerabilities.
C. Review data classification levels based on industry best practice.
D. Verify that current DLP software is installed on all computer systems.

Correct Answer: C