An organization is implementing a data loss prevention (DLP) solution. Which of the following is the BEST approach to reduce false positives during initial deployment?
Trap 1: Use default policies without modification
Default policies may not fit the organization.
Trap 2: Limit scope to one department to minimize noise
Too narrow a scope may miss cross-department patterns.
Trap 3: Block all sensitive data transmissions immediately
Blocking without tuning causes business disruption.
- A
Use default policies without modification
Why wrong: Default policies may not fit the organization.
- B
Limit scope to one department to minimize noise
Why wrong: Too narrow a scope may miss cross-department patterns.
- C
Deploy in monitor-only mode and analyze alerts for a period
Monitor-only mode allows policy tuning without impact.
- D
Block all sensitive data transmissions immediately
Why wrong: Blocking without tuning causes business disruption.