Which of the following would address the inherent risk until the data owners can be formally identified?

August 10, 2021 by Admin

A company is deploying a DLP solution and scanning workstations and network drives for documents that contain potential PII and payment card data. The results of the first scan are as follows:

CAS-003 Part 21 Q14 103

CAS-003 Part 21 Q14 103

The security team is unable to identify the data owners for the specific files in a timely manner and does not suspect malicious activity with any of the detected files. Which of the following would address the inherent risk until the data owners can be formally identified?

  • Move the files from the marketing share to a secured drive
  • Search the metadata for each file to locate the file’s creator and transfer the files to the personal drive of the listed creator
  • Configure the DLP tool to delete the files on the shared drives
  • Remove the access for the internal audit group from the accounts payable and payroll shares

Leave a Reply