PrepAway - Latest Free Exam Questions & Answers

Which choice below represents an application or system demonstrating a need for a high level of confidentialit

Which choice below represents an application or system demonstrating a need for a high level of
confidentiality protection and controls?

PrepAway - Latest Free Exam Questions & Answers

A.
The mission of this system is to produce local weather forecast information that is made available
to the news media forecasters and the general public at all times. None of the information requires
protection against disclosure.

B.
Destruction of the information would require significant expenditures of time and effort to
replace. Although corrupted information would present an inconvenience to the staff, most
information, and all vital information, is backed up by either paper documentation or on disk.

C.
The application contains proprietary business information and other financial information, which
if disclosed to unauthorized sources, could cause an unfair advantage for vendors, contractors, or
individuals and could result in financial loss or adverse legal action to user organizations.

D.
Unavailability of the system could result in inability to meet payroll obligations and could cause
work stoppage and failure of user organizations to meet critical mission requirements. The system
requires 24-hour access.

Explanation:
Although elements of all of the systems described could require specific controls for confidentiality,
given the descriptions above, system b fits the definition most closely of a system requiring a very
high level of confidentiality. Answer a is an example of a system requiring high availability. Answer c
is an example of a system that requires medium integrity controls. Answer d is a system that
requires only a low level of confidentiality. Asystem may need protection for one or more of the
following reasons: Confidentiality. The system contains information that requires protection from
unauthorized disclosure. Integrity. The system contains information that must be protected from

unauthorized, unanticipated, or unintentional modification. Availability. The system contains
information or provides services which must be available on a timely basis to meet mission
requirements or to avoid substantial losses. Source: NIST Special Publication 800-18, Guide for
Developing Security Plans for Information Technology Systems


Leave a Reply