nerdexam
(ISC)2

CERTIFIED-IN-CYBERSECURITY Question #550: Real Exam Question with Answer & Explanation

The correct answer is A: Classify the records.

Security Principles

Question

A European institution wants different data handling protocols depending on the type of information stored. What does the institution need to do in order to achieve this?

Options

  • A. Classify the records
  • B. Anonymize the data
  • C. Assign a data custodian
  • D. Perform a vulnerability assessment

Explanation

The financial institution can achieve its goal by implementing a data classification policy (see the ISC2 Study Guide, Chapter 5, Module 1). This involves categorizing data based on its sensitivity and privacy requirements, such as PII, financial records, and health records. Once classified, appropriate handling, storage, and protection measures could be applied to each category of data. For example, health records could be subject to more stringent controls due to their highly sensitive nature. Although relevant to data security and privacy, the remaining options are not the most appropriate in the given scenario. Anonymizing data could strip it of valuable elements, and while useful as a protection strategy, it is not a classification method. Assigning a data custodian is also inadequate, as it is more about assigning responsibility than separating data based on its type. Performing a vulnerability assessment, on the other hand, is a different process aimed at identifying potential system vulnerabilities rather than classifying data.

Topics

#Data Classification, #Data Handling, #Information Governance
