What is the most effective means to reduce the risk of release of confidential data on social networking sites?
A. Providing security awareness training
B. Requiring a signed acceptable use policy
C. Monitoring the use of social media
D. Prohibiting the use of social media through network controls
A. Providing security awareness training is the best method to mitigate the risk of disclosing confidential information on social networking sites. It is important to remember that users may access these services through other means such as mobile phones and home computers; therefore, awareness training is most critical.
B. Requiring a signed acceptable use policy can be a good control. However, if users are not aware of the risk, then this policy may not be effective.
C. Monitoring the use of social media through the use of a proxy server that tracks the web sites users visit is not an effective control because users may access these services through other means such as mobile phones and home computers.
D. Prohibiting the use of social media through network controls is not an effective control because users may access these services through other means such as mobile phones and home computers.
First Edit: INACCURATE! Awareness is not deterrence; frankly, most corporate awareness programs go in one ear and out the other. Prohibiting social media is mathematically the correct answer, followed by monitoring with consequences.
Second Edit: This is a poor kind of question in general but it is one seen on CISSP exams.
The last editor's assertion that Prohibiting the use of social media through network controls is the "mathematically" best method to reduce the risk of disclosing confidential information on social networking sites is incorrect. What happens when the employee is off network or not routing through your network controls? Their assertion that Monitoring the usage of social media is second best is also inaccurate. The statement is so broad that it could mean something as little as collecting network traffic statistics.
The most correct answer is Awareness. The question is not discussing deterrence; it is discussing risk reduction. Whether awareness programs are effective where the last editor works is irrelevant to the fact that awareness programs often prove effective, especially when well adopted or created well. It is also the only control that has the potential to function regardless of the user's location.