An IS auditor finds that an organization’s data loss prevention (DLP) system is configured to use vendor default settings to identify violations.

An IS auditor finds that an organization’s data loss prevention (DLP) system is configured to use vendor default settings to identify violations.

The auditor’s MAIN concern should be that:
A . violations may not be categorized according to the organization’s risk profile.
B . violation reports may not be retained according to the organization’s risk profile.
C . violation reports may not be reviewed in a timely manner.
D . a significant number of false positive violations may be reported.

View Answer

Answer: A