The best control to prevent sensitive data from leaving an organization via email is to block outbound emails that are not encrypted.
Why?
Sensitive data should never leave the organization unprotected.
Blocking unencrypted outbound emails enforces compliance and prevents human error or intentional data leaks.
It acts as a proactive, automated control, rather than a reactive or user-dependent one.
Why not the others?
A. Scanning outgoing emails
This is a detective control and may identify issues after the fact, but it does not prevent data from being sent.
C. Conducting periodic phishing tests
Helpful for training and awareness, but it addresses a different threat (social engineering), not data leakage prevention.
D. Providing encryption solutions for employees
While valuable, simply providing tools doesn’t guarantee their use—it lacks enforcement. Employees may forget or misuse them.
Blocking outbound emails sent without encryption aligns with ISACA CISA standards for information security and data protection.
According to the CISA (Certified Information Systems Auditor) guidelines, preventive controls (such as blocking unencrypted emails containing sensitive information) are critical for protecting sensitive data and ensuring compliance with data privacy and confidentiality requirements. The idea is to proactively prevent unauthorized or insecure transmission of sensitive information.
While scanning outgoing emails (option A) can be a valuable control for detecting certain types of sensitive information in emails, it may not be foolproof and can sometimes generate false positives or miss certain types of sensitive data.
Therefore, providing encryption solutions for employees is generally considered the most effective control for preventing sensitive data from leaving an organization via email.
A. Scanning outgoing emails: This control allows for proactive detection of sensitive data within outgoing email messages. By implementing a data loss prevention (DLP) solution that scans outgoing email content, the organization can identify and potentially block emails containing sensitive information, preventing unauthorized data exfiltration.
The BEST control to help prevent sensitive data leaving an organization via email is 'Blocking outbound emails sent without encryption.' This control ensures that all sensitive information is protected by encryption and reduces the risk of sensitive data being intercepted or intercepted by unauthorized individuals.
D. Blocking outbound emails sent without encryption is the right answer.
Greens (3 weeks, 5 days ago)
roxannebadenhorst (6 months, 2 weeks ago)
Swallows (7 months ago)
KAP2HURUF (10 months, 1 week ago)
oldmagic (1 year, 6 months ago)
hoho (1 year, 7 months ago)
zebree (1 year, 11 months ago)
Tsubasa1234 (2 years ago)
David_Hu (2 years ago)
MOHAMMADSALTI (1 year, 12 months ago)
Staanlee (2 years, 1 month ago)