Final answer:
Encryption of all files sent outside the organization is the best compensating control to ensure data that leaves is not exposed.
Step-by-step explanation:
The compensating control best suited to ensuring that data leaving the organization is not exposed is encryption of all files sent outside the organization. While metadata tagging helps prevent sensitive files from leaving, encrypting the files provides an extra layer of protection by securing the content itself. When files are encrypted, they cannot be accessed without the encryption key, even if they are intercepted during transmission. This safeguards the data from unauthorized exposure.
For example, if Ben's organization uses encryption to protect a sensitive document before sending it via email to someone outside the organization, even if the email is intercepted, the encrypted document will remain inaccessible to anyone without the decryption key.
Mandatory data tagging policies, DLP monitoring of outbound network traffic, and network segmentation for systems that handle sensitive data can help with overall data protection, but encryption specifically addresses the concern of data exposure when it leaves the organization.