CISSP · Question #595
Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no long
The correct answer is A. Assign data owners from Organization A to the acquired data.. Data ownership is a key concept in data security and classification. Data owners are responsible for defining the value, sensitivity, and classification of the data, as well as the access rights and controls for the data. When Organization A acquires data from Organization B, it
Question
Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available. Which of the following MUST Organization A 0do to property classify and secure the acquired data?
Options
- AAssign data owners from Organization A to the acquired data.
- BCreate placeholder accounts that represent former users from Organization B.
- CArchive audit records that refer to users from Organization A.
- DChange the data classification for data acquired from Organization B.
How the community answered
(34 responses)- A71% (24)
- B6% (2)
- C15% (5)
- D9% (3)
Explanation
Data ownership is a key concept in data security and classification. Data owners are responsible for defining the value, sensitivity, and classification of the data, as well as the access rights and controls for the data. When Organization A acquires data from Organization B, it should assign data owners from its own organization to the acquired data, so that they can properly classify and secure the data according to Organization A's policies and standards. Creating placeholder accounts, archiving audit records, or changing the data classification are not sufficient or necessary steps to ensure the security of the acquired data.
Topics
Community Discussion
No community discussion yet for this question.