CERTIFIED-IN-CYBERSECURITY · Question #531
CERTIFIED-IN-CYBERSECURITY Question #531: Real Exam Question with Answer & Explanation
The correct answer is C: Labeling. The first step in classifying data stored in an information system is labeling. This involves assigning a classification level to the data based on its sensitivity and the level of protection required (see ISC2 Study Guide, Chapter 5, Module 1). For example, an organization might
Question
What is the first step in classifying data stored in an Information System?
Options
- ASharing
- BCollecting
- CLabeling
- DStoring
Explanation
The first step in classifying data stored in an information system is labeling. This involves assigning a classification level to the data based on its sensitivity and the level of protection required (see ISC2 Study Guide, Chapter 5, Module 1). For example, an organization might label data as "public," "internal," "confidential," or "restricted" based on the data's content, the potential impact of unauthorized disclosure, and regulatory requirements. Once the data is labeled, it can be stored and managed appropriately based on its classification level. This could include storing the data in a secure location appropriate to its classification level. However, storage is not the first step in the process. Collecting involves identifying and collecting the data that needs to be classified, while sharing involves distributing the data to authorized individuals in a manner that maintains its security. Both of these activities require an understanding of the data's classification, which can only be obtained after the data has been marked.
Topics
Community Discussion
No community discussion yet for this question.