nerdexam
(ISC)2

CERTIFIED-IN-CYBERSECURITY · Question #485

CERTIFIED-IN-CYBERSECURITY Question #485: Real Exam Question with Answer & Explanation

The correct answer is B: Breach.

Security Principles

Question

The posting of photographs of confidential documents that contain identifying information of customers and that have been left unattended on a printer is considered to be a breach:

Options

  • A. Exploit
  • B. Breach
  • C. Occurrence
  • D. Attack

Explanation

The term 'breach' describes the unauthorized access or inadvertent disclosure of personally identifiable information (PII). A breach can occur in a number of ways including a cyber attack, employee negligence, or system error (see ISC2 Study Guide, Chapter 2, Module 1).

Posting photos of confidential documents containing customer identifying information left unattended on a printer is considered a breach because it involves the unauthorized disclosure of personal information or records. For example, if a malicious financial analyst at a bank inadvertently posts photos containing a customer's financial information or PII on social networking sites, this would be considered a breach. Such circumstances expose the customer's information to potential unauthorized use, compromising the customer's privacy and potentially leading to identity theft and related fraud.

An 'exploit' reflects the successful execution of an 'attack'. An exploit is the term used when vulnerabilities in a system are exploited, resulting in unauthorized activity. An 'attack' refers to the attempt to exploit the vulnerability of a system, not the unauthorized access to the information.

Finally, in the cybersecurity world, 'incident' typically refers to any event within a network or system that impacts operations, security, or infrastructure. However, it does not specifically refer to unauthorized access to PII (for example, an incident could refer to the detection of abnormal system behavior regardless of whether there was unauthorized access to

Topics

#Data Breach #Confidentiality #Information Security Incident #Data Privacy
