What is a correct statement about the balance among prevention, detection, and response (PDR)?

The statement that the balance among prevention, detection, and response (PDR) must be carefully evaluated based on data sensitivity is correct because different types of data carry different levels of risk if compromised, and therefore require tailored approaches to managing that risk. Data sensitivity refers to how critical or confidential the information is, which influences how much emphasis should be placed on prevention versus detection and response strategies.

For example, highly sensitive healthcare information under HIPAA regulations may require stringent preventive measures to avoid breaches, while also necessitating robust detection methods to quickly identify any unauthorized access attempts. The response strategy also must be well-defined for such sensitive data to minimize potential harm. Thus, the balance of PDR components is not static; it fluctuates based on the sensitivity of the data involved and the potential impact of its loss or compromise.

In contrast, statements that imply a static view of PDR or prioritize one component over others do not recognize the dynamic nature of data management in relation to its sensitivity. Therefore, evaluating PDR carefully based on data sensitivity is essential for effective compliance and risk management.