CISSP · Question #819
What is the GREATEST challenge to identifying data leaks?
The correct answer is B. Documented asset classification policy and clear labeling of assets.. Identifying data leaks requires knowing what data is sensitive and where it resides, which depends fundamentally on a well-documented asset classification policy and clear labeling of assets.
Question
What is the GREATEST challenge to identifying data leaks?
Options
- AAvailable technical tools that enable user activity monitoring.
- BDocumented asset classification policy and clear labeling of assets.
- CSenior management cooperation in investigating suspicious behavior.
- DLaw enforcement participation to apprehend and interrogate suspects.
How the community answered
(30 responses)- A3% (1)
- B80% (24)
- C10% (3)
- D7% (2)
Why each option
Identifying data leaks requires knowing what data is sensitive and where it resides, which depends fundamentally on a well-documented asset classification policy and clear labeling of assets.
Technical tools for user activity monitoring exist and are widely available (e.g., DLP solutions, SIEM, UEBA), so their availability is not the greatest challenge to identifying data leaks.
Without a documented asset classification policy and clear labeling, security teams cannot determine what constitutes sensitive data, where it lives, or when it has been exfiltrated - making it nearly impossible to detect or confirm a data leak. Asset classification is the foundational prerequisite for any data loss prevention (DLP) strategy, because monitoring tools and investigation efforts are ineffective if the organization cannot distinguish sensitive data from non-sensitive data. The absence of this policy represents the greatest challenge because it undermines every subsequent technical and procedural control.
While senior management cooperation is important for investigations, their participation is a procedural and organizational concern that comes after a leak is suspected, not the primary barrier to initially identifying one.
Law enforcement participation is relevant to apprehension and prosecution after a leak is confirmed, not to the initial challenge of detecting and identifying that a data leak has occurred.
Concept tested: Data classification policy as foundation for DLP
Source: https://www.nist.gov/system/files/documents/2018/04/03/nistspecialpublication800-60v1r1.pdf
Topics
Community Discussion
No community discussion yet for this question.