CISSP · Question #1214
Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?
The correct answer is A. Store sensitive data only when necessary.. Avoiding exposure of sensitive data begins with minimizing its storage footprint. Data that is never stored cannot be breached, leaked, or exfiltrated.
Question
Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?
Options
- AStore sensitive data only when necessary.
- BEducate end-users on methods of attacks on sensitive data.
- CEstablish report parameters for sensitive data.
- DMonitor mail servers for sensitive data being exfilltrated.
How the community answered
(34 responses)- A79% (27)
- B12% (4)
- C3% (1)
- D6% (2)
Why each option
Avoiding exposure of sensitive data begins with minimizing its storage footprint. Data that is never stored cannot be breached, leaked, or exfiltrated.
The principle of data minimization - storing sensitive data only when absolutely necessary - is a foundational security and privacy guideline endorsed by frameworks like GDPR, NIST, and PCI DSS. By limiting the amount of sensitive data retained, organizations drastically reduce the attack surface and the potential impact of a breach. This is a proactive control that prevents exposure before it can occur, rather than reacting to threats after data already exists.
While user education is a valuable security layer, it is a compensating control that reduces the likelihood of human error rather than directly preventing sensitive data from being exposed at the storage or system level.
Establishing report parameters for sensitive data is a detective or administrative control focused on visibility and compliance reporting, not on preventing the initial exposure or unnecessary retention of sensitive data.
Monitoring mail servers for data exfiltration is a reactive detective control that identifies a breach after sensitive data is already at risk of leaving the organization, rather than proactively limiting exposure through data minimization.
Concept tested: Data minimization principle to reduce sensitive data exposure
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-188.pdf
Topics
Community Discussion
No community discussion yet for this question.