Which of the following is the best technical method to protect sensitive data at an organizational level?

Denying all traffic on a specific port may hinder legitimate communication and functionality within the network, potentially causing operational disruptions. This approach lacks the targeted and nuanced protection provided by a DLP system, which can selectively monitor and manage sensitive data flows regardless of the port used.

While developing a Python script for reviewing email traffic can aid in identifying Personally Identifiable Information (PII), it may not offer the same level of automated, real-time protection and enforcement capabilities as a dedicated DLP solution. Manual scripts are limited in scale and may not effectively cover all avenues of data transmission.

While having a strict policy for handling sensitive data is crucial, relying solely on policy enforcement without technical safeguards like a DLP system leaves gaps in data protection. Policies guide behavior, but technical controls such as encryption, monitoring, and prevention mechanisms are essential to actively secure data.