Question

A financial organization has adopted a new secure, encrypted document-sharing application

to help with its customer loan process. Some important PII needs to be shared across this new
platform, but it is getting blocked by the DLP systems. Which of the following actions will BEST allow
the PII to be shared with the secure application without compromising the organization's security
posture?
A. Configure the DLP policies to allow all PII
B. Configure the firewall to allow all ports that are used by this application
C. Configure the antivirus software to allow the application
D. Configure the DLP policies to whitelist this application with the specific PII
E. Configure the application to encrypt the PII

Answer 1

The optimal action is configuring DLP policies to recognize the secure application as trusted for PII transfer, creating a specific exception without lowering overall security.

Step-by-step explanation:

The best action to allow Personally Identifiable Information (PII) to be shared through a secure application without compromising the organization's security posture is to configure the Data Loss Prevention (DLP) policies to whitelist the application with the specific PII. This means adjusting the DLP system settings to recognize the secure document-sharing application as a trusted entity for transferring PII. It is a targeted exception that addresses the blockage issue while maintaining overall data protection standards, ensuring that only this specific application can transmit PII securely.