Which of the following would be the GREATEST concern for an IS auditor conducting a pre-implementation review of a data loss prevention (DLP) tool?
Which of the following would be the GREATEST concern for an IS auditor conducting a pre-implementation review of a data loss prevention (DLP) tool?
Among the options, Option D: Encryption keys are not centrally managed represents the greatest concern for an IS auditor. Decentralized key management introduces substantial vulnerabilities that could compromise the entire DLP strategy, far outweighing the other issues. Monitor mode (Option A) is a temporary and manageable setup, crawlers (Option B) are a strength, and deep packet inspection (Option C) is a necessary feature with manageable risks. In contrast, poor encryption key management directly threatens data security, making it the most critical issue to address in a pre-implementation review.