Exam CISM topic 1 question 463 discussion

I would say A. I initially thought C but it's talking about accidental data loss here. That to me says it's an accident such as leaving a laptop/USB on a train and so encryption would mitigate some loss. The thing that troubles me with that answer is data isn't just in the for of media. Regardless, i don't see how training mitigates erroneous data loss

Everybody is discussing about A and C - but why not B? You need to identify what is causing the accidential data loss first through an audit. An audit will show you risks and provides recommendations, such as user awareness trainings or hard drive encryptions.

Accidental data lose can also be a staff member sent the wrong email to the wrong email address maybe the person from another company had the same name..only training can mitigate those events.

There are several data loss incidents. Inadvertently deleted files, damaged tape backup due to the poor storage temp, human error wiping out the RAID during adding the new HDD into the RAID pool, lost notebooks/tablet, malicious software, and etc.

Question asks about MITIGATION not PREVENTION.

Enforcing data hard drive encryption policy is the best option for mitigating accidental data loss events. C does not mitigate.

I'd say it's C. Data loss can also come in the form of ransomware infecting the network and encrypting data on workstations, servers and backups. Encryption of storage does indeed protect from data loss in case a user loses a laptop containing sensitive data in public transportation or it gets stolen. However, what about all other cases, like sending to the wrong email address, or mishandling data due to ignoring labeling, or leaving USB stick with sensitive data on a desk after hours (violating Clean desk policy)...? Data loss is a very broad term and from the given answers, C seems to be closest to the complete one.

I have to go C. Encryption on a hard drive is only good for the hard drive. Users send data via email, social media, SMS, and all other forms. Once it leaves the hard drive it is no longer encrypted therefore not solving all the problems. Especially since we all know users are the biggest weakness in any security expect. Therefore, I believe the answer to be C user training. Pretty much if you see a question that has to do with security and user training is an option on this test that will more then likely be the answer.

hard drive encryption is good for protecting data if a device is lost or stolen, but it doesn't prevent data loss due to accidental deletion or mismanagement.

A for sure. Training wont be better than encryption

It is another vague question. It does not say user has lost the hard-disk or laptop because when accidental data loss, it could also mean, user might have sent an email with PII to unintended recipients so assuming it's vague, the closest action could be user awareness.

Without the senior management support every other options would not have been possible

Obvious answer is A . Mitigation is the key word. C does nothing in that case.

C. Conduct periodic user awareness training