CRISC Certified in Risk and Information Systems Control – Question583

A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?

A.
Implement a tool to create and distributive violation reports
B. Block unencrypted outgoing emails which contain sensitive data
C. Implement a progressive disciplinary process for email violations
D. Raise awareness of encryption requirements for sensitive data

Correct Answer: B