How to build a DLP program from the ground up?

Hi All, I'm curious if anyone here has experience building a DLP program from the ground up?


Questions/thoughts:

1. Is following ISO 27001/NIST CSF/CIS 18 the right path? A lot of the controls are vague which can be a bit confusing when you're beginning from zero.
2. Are there any other standards/documents/youtube videos you would recommend?
3. Tools like O365, Google Workspace, Box, etc..have DLP type controls and/or settings. Do you need a 3rd party DLP solution to take your …

build building cis controls csf cybersecurity dlp experience iso iso 27001 lot nist nist csf path program questions thoughts