CISSP Practice Question – Insider Threats & Privacy
An enterprise wants to deploy an insider threat detection system that uses AI to analyze employee emails, chat logs, and file activity for signs of data exfiltration or policy violations. The CISO supports the initiative, but the HR director and legal counsel raise privacy concerns.
What is the MOST appropriate action to take BEFORE implementing this system?
A. Inform employees of the monitoring program and require them to acknowledge acceptable use policies.
B. Obtain board approval and implement the system with limited data retention.
C. Conduct a Data Protection Impact Assessment (DPIA) to evaluate compliance, proportionality, and necessity.
D. Restrict monitoring only to privileged users to reduce privacy exposure.
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group