Free ISACA CISA Actual Exam Questions - Question 6 Discussion
Question No. 6
Management is concerned about sensitive information being intentionally or unintentionally
emailed as attachments outside the organization by employees. What is the MOST important
task before implementing any associated email controls?
emailed as attachments outside the organization by employees. What is the MOST important
task before implementing any associated email controls?
Select one option, then reveal solution.
US
NI
Naveed I.
2026-02-04
It’s C because you can’t control what you don’t define. Without clear classification, any policy or agreement won’t target the right info, making controls ineffective from the start.
0
NI
Naveed I.
2026-01-15
B/C? I’m thinking the first step would be to classify the info (C) to know what’s sensitive before controlling emails, but without an acceptable use policy (B), employees might not understand what’s expected. Maybe classification comes just a bit before though? Seen something similar where classification was key to start.
0