A company has a data system with definitions for “Private” and “Public”. The company’s security policy outlines how data should be protected based on type. The company recently added the data type “Proprietary”.
Which of the following is the MOST likely reason the company added this data type?
A.
Reduced cost
B.
More searchable data
C.
Better data classification
D.
Expanded authority of the privacy officer
The correct answer is C.
Lots of Labels While the commercial and government/military data classification
labels just described cover everything you’ll run into for the exam, keep in mind that
every organization has different needs. It’s normal for organizations to adopt their own
labels that make sense for them. A few of these you might see are
• Internet Data that is accessible to the public Internet. Your organization’s Web
page is a good example.
Internal Use Information that is only used internally by your organization. An
internal phone directory is one type of internal-use information.
• Restricted Information that is tied exclusively to a certain group within the
organization. Starting salaries for new accountants is an example.
• Sensitive A generic label that is often tied to both commercial and
government/military label types.
13
2
I think B is actually correct here.
The data is not better classified since Propriety is going to be a subset of Private anyway. It may be easier to search for data using this label, however.
1
12
It is a matter of reading the question properly:
A company currently has a data system with definitions for “Private” and “Public”.
The company’s security policy outlines how data should be PROTECTED based on type.
The company recently decided to add the data type “Proprietary”
The question is: Why?
The reason the company added a new data type is based on “DATA PROTECTION” considerations.
We are speaking about Mandatory access control (MAC) in here.
Often employed in government and military facilities, mandatory access control works by assigning a classification label to each file system object. Classifications include confidential, secret and top secret. Each user and device on the system is assigned a similar classification and clearance level.
When a person or device tries to access a specific resource, the OS or security kernel will check the entity’s credentials to determine whether access will be granted. While it is the most secure access control setting available, MAC requires careful planning and continuous monitoring to keep all resource objects’ and users’ classifications up to date.
The answers to date have been clearly a tossup between
B. More searchable data
C. Better data classification
Yet, adding a new classification was done in order to provide BETTER DATA PROTECTION as mentioned, and not to provide EASE OF SEARCHABILITY. As a matter of fact, the amount of data to be searched remains the same.
Having said that, a person doing searches will be only be able to find the data that person is entitled to see. So a person entitled to find Public data should never ever be able to find “Private” or “Proprietary” data, which does not help with “B. More searchable data.”
As a result, the only possible answer is “C. Better data classification.”
8
0