The C answer is correct.From CBK:
Discovery and classification: The first stage of DLP is discovery and classification.
Discovery is the process of finding all instances of data, while classification is
the act of categorizing that data based on its sensitivity and value to the organization. While you should have classified your data as part of your information asset
inventory, many DLP tools are capable of applying signature-based logic that
determines the classification of data. In many cases, your existing classification
information can be used to “tune” the DLP to know what you consider sensitive.
Examples of classifications might include “PCI data” (or “cardholder data”),
“Social Security numbers,” “PHI,” and so on. Comprehensive discovery and
proper classification is critical to the effectiveness of the remaining stages and to
the success of your overall DLP implementation.
Data classification is essential to identify and categorize sensitive data so appropriate DLP policies and controls can be applied effectively. Without understanding what data is sensitive and where it resides, it is challenging to implement effective DLP measures.
Policy is the first step. You can’t just start classifying data without proper strategy and guidelines. Policy will direct you how the data needs to be classified based on business needs.
First we need a policy that will tell us how data must be categorized. Data classification is just an existance of structure of classes, without the exact categorization process.
C. Data classification.
Data classification involves categorizing and labeling data based on its sensitivity, value, and regulatory requirements. It is a foundational step in a DLP program as it helps organizations understand the types of data they possess, determine their data protection requirements, and prioritize their security efforts accordingly.
By classifying data, organizations can identify which data sets are more sensitive or critical and require stricter protection measures. This allows them to focus their resources on implementing appropriate DLP controls and policies to safeguard the classified data effectively. Data classification also aids in streamlining data handling processes, ensuring proper access controls, and facilitating compliance with relevant data protection regulations.
Once data is classified, organizations can proceed with subsequent steps in their DLP program, such as policy creation (Option A), information rights management (Option B), and configuration management (Option D), based on the specific needs and goals of their data protection strategy.
C. Data classification.
The first step that should be considered in a Data Loss Prevention (DLP) program is data classification. Data classification involves identifying and categorizing data according to its level of sensitivity, value, and importance. This helps to ensure that appropriate security controls and protections are put in place to safeguard the data and prevent it from being lost or stolen.
Once data has been classified, the organization can then develop policies and procedures to protect the data based on its classification. Information Rights Management (IRM) and Configuration Management (CM) are both important components of a DLP program, but they come after data classification.
In summary, data classification is the foundational step in a DLP program, and it is critical to the success of the program. Without proper data classification, it is difficult to develop effective policies and controls to protect sensitive data from loss or theft.
…first you need a policy. A policy to say watermark this and that, a policy to say no PII on local machines, etc, whatever policy you want. Then this can enforce that policy
The answer should be A - A DLP program seeks to improve information security and protect business information from data breaches. It's not just a tool; it's an approach that combines defined processes, well-informed and trained people, and effective technologies.
The question asks about DLP program.
A - policy would include most of the other options
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Peterzhang
Highly Voted 2 years, 3 months agosphenixfire
2 years, 2 months agojackdryan
1 year, 7 months agoHumongous1593
Highly Voted 2 years, 2 months agodeeden
Most Recent 4 months, 3 weeks agoRamye
6 months agoVasyamba1
9 months, 1 week agoBach1968
1 year, 5 months agoNageshTiwari
1 year, 8 months agoDapengZhang
1 year, 9 months agoNickname53796
2 years, 2 months agoThe_Black_One
2 years, 2 months agoJenkins3mol
7 months, 3 weeks agodev46
2 years, 3 months ago