Your organization classifies data into four classes: confidentiality, private, sensitivity, and public. Which of the following is the primary concern behind the classification scheme? (Wentz QOTD)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Disclosure.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.
Asset classification typically determines the importance or priority of assets based on business value, which can be evaluated in terms of confidentiality, integrity, availability, purchase/historical cost, loss of revenue, opportunity cost, etc. The classification scheme is a crucial tool to classify assets. Security controls are scoped and tailored after assets have been classified properly.
The classification scheme (confidentiality, private, sensitivity, and public) mentioned in this question is confidentiality-centric and commonly used in the private sector. Given the classification scheme, disclosure of information that compromises confidentiality is the primary concern.
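Your organization classifies data into four classes: confidentiality, private, sensitivity, and public. Which of the following is the primary concern behind the classification scheme? (Wentz QOTD)
A. Disclosure
B. Alternation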