CISSP · Question #490
A vehicle of a private courier company that transports backup data for offsite storage was robbed while in transport backup data for offsite was robbed while in transit. The incident management team i
The correct answer is B. Log of the transported media and its classification marking. When backup media is stolen in transit, the incident response team must quickly assess the potential business and regulatory impact. The classification marking on the media provides the fastest and most practical way to determine sensitivity and impact scope.
Question
A vehicle of a private courier company that transports backup data for offsite storage was robbed while in transport backup data for offsite was robbed while in transit. The incident management team is now responsible to estimate the robbery, which of the following would help the incident management team to MOST effectively analyze the business impact of the robbery?
Options
- ALog of backup administrative actions
- BLog of the transported media and its classification marking
- CLog of the transported media and Its detailed contents
- DLog of backed up data and their respective data custodians
How the community answered
(36 responses)- A14% (5)
- B47% (17)
- C31% (11)
- D8% (3)
Why each option
When backup media is stolen in transit, the incident response team must quickly assess the potential business and regulatory impact. The classification marking on the media provides the fastest and most practical way to determine sensitivity and impact scope.
A log of backup administrative actions records who performed backup tasks and when, but provides no direct information about the sensitivity or value of the data that was physically stolen.
The log of transported media combined with its classification markings allows the incident management team to immediately determine the sensitivity level (e.g., confidential, restricted, public) of the stolen data without needing to enumerate every individual file. Classification markings directly map to predefined impact levels, regulatory obligations, and notification requirements, enabling a rapid and structured business impact analysis. This approach balances actionable information with the practical need for speed in incident response.
While detailed contents would give the most granular view, this level of logging is rarely maintained for transported media and would be impractically verbose for rapid business impact analysis, making it less effective in a timely incident response.
Knowing data custodians identifies who is responsible for the data but does not directly indicate the sensitivity or criticality of the stolen data, making it insufficient on its own for assessing business impact.
Concept tested: Data classification and incident business impact analysis
Source: https://www.nist.gov/system/files/documents/2018/03/07/msp-ebook-final.pdf
Topics
Community Discussion
No community discussion yet for this question.