(ISC)2(ISC)2
CSSLP · Question #389
CSSLP Question #389: Real Exam Question with Answer & Explanation
The correct answer is D: Data classification. Data classification is a software security requirement that involves assigning sensitivity levels to stored information and evaluating the potential consequences of its unauthorized access or disclosure.
Secure Software Requirements
Question
Which software security requirement focuses on assigning sensitivity levels and evaluating potential consequences for stored information?
Options
- ACloud Data Loss Prevention
- BData ownership
- CData anonymization
- DData classification
Explanation
Data classification is a software security requirement that involves assigning sensitivity levels to stored information and evaluating the potential consequences of its unauthorized access or disclosure.
Common mistakes.
- A. Cloud Data Loss Prevention (DLP) is a technology or set of policies to prevent sensitive data from leaving defined boundaries, but data classification is a prerequisite for DLP to know what data to protect.
- B. Data ownership defines who is responsible for the data, not the process of assigning sensitivity levels and consequences.
- C. Data anonymization is the process of removing personally identifiable information from data, which is a control measure, not the initial assessment of sensitivity and consequences.
Concept tested. Data classification security requirement
Topics
#Data classification#Security requirements#Information sensitivity#Data protection
Community Discussion
No community discussion yet for this question.