Which of the following is a primary concern of security in the cloud?
|
kabwitteHighly Voted 1 year, 5 months ago Show Official (ISC)2 Guide to CISSP CBK Fourth Edition - Page 207 ...The purpose of a classification system is to ensure information is marked in such a way that only those with an appropriate level of clearance can have access to the information. I will go with A Can we classify data, if we don't know what it is used for (purpose)? If it used to support our Top Secret operations, should we label it Top Secret? Just trying to apply some logic to my answer :) Challenge me if you like upvoted 13 times
80061 year, 4 months ago correct answer is A upvoted 3 times ... It is A. When you write a report, you need a purpose defined first. It is the same case for a data classification scheme. upvoted 1 times ... ...
Renee69Highly Voted 1 year, 11 months ago D is the correct answer; as Authenticity the quality of being authentic. It is a validity factor of an individual which proves that is authorized to have access to any confidential data, which falls under Confidentiality of the CIA Triage. https://www.cmu.edu/iso/governance/guidelines/data-classification.html upvoted 8 times Authenticity = Real or Integrity Authentication = Confirming identity upvoted 1 times ... Authenticity doesn't mean confidentiality, and you can have a classification scheme only concerned about confidentiality, even more so than with integrity or authenticity upvoted 1 times ... ...
BackupzMost Recent 2 weeks, 6 days ago Selected Answer: A I will go with A upvoted 1 times ... Selected Answer: A A: Purpose of different sets of data is a factor in deciding how the data classification scheme will be. upvoted 1 times ... Selected Answer: A The fact there are 32 comments here arguing why we need to classify the data proves the answer is A upvoted 1 times ... A for me. upvoted 1 times ... D is correct. The key here is "PRIMARY concern" not why are you classifying data. The primary concern is that authentic users are classified for the correct data. upvoted 1 times ... I vote for D. Official book: ...Organizations typically include data classifications in their security policy, or in a separate data policy. A data classification identifies the value of the data to the organization and is critical to protect data confidentiality and integrity... authenticity = integrity upvoted 1 times ... Security revolves around cost effectiveness. When building a classification scheme, the main focus is the value of the data (be it monetary or otherwise, since others mentioned PII). Purpose would never be the answer, since "how the data will be used" is never considered in classification, and quoting the AIO (Shon Harris): "How the data will be used has no bearing on how sensitive it is. In other words, the data is sensitive no matter how it will be used—even if it is not used at all." Authenticity is the quality of being authentic, and although important, is not the primary focus of a classification scheme, specially when confidentiality is the focus. upvoted 1 times ...
80061 year, 4 months ago The correct answer is A. Data classification allows the identification and prioritization of information. In order to know the type of protections, the amount to spend on those protections, and the true value of the information, classification is required. Labeled information helps senior management make better decisions. Classification labels are used to determine information sensitivity and what it would cost the company if there is disclosure. upvoted 3 times ... If I am to decide which classification to label on something, I would make sure the authenticity of that information, because faulty information leads to waste of time and money. I will stick with D on this one. upvoted 1 times I agree. You may have the right intentions (purpose), but that won't help unless the data is authentic. upvoted 1 times ... ... A is the correct Answer, Purpose upvoted 3 times
80061 year, 4 months ago ... ... B is the correct answer. Data classification is a critical step. It allows organizations to identify the business value of unstructured data at the time of creation, separate valuable information that may be targeted from less valuable information, and make informed decisions about resource allocation to secure data from unauthorized access. ref: https://edge.siriuscom.com/security/7-steps-to-effective-data-classification upvoted 4 times Think like a manger. They care about cost. I go with B as well. upvoted 3 times ... I'm just cannot disagree with you after reading Shon Harris CISSP book INFORMATION CLASSIFICATION CISSP All-In-One Exam Guide, 7th Edition Shon Harris - Kindle version - The rationale behind assigning values to different types of data is that it enables a company to gauge the amount of funds and resources that should go towards protecting each type of data, because not all data has the same value to a company. Looks like I will have to go with B. Doesn't feel right, but the Bible says so. lol upvoted 2 times ... ... First you classify the scheme and then you protect it with controls availability/authenticity and Cost effectiveness comes in AFTER the data classification.. purpose defines its significance and associated risks etc. it should be A. upvoted 3 times your explanation makes me pick A over B. I don't even how people are taking C & D as options. upvoted 1 times Have to agree about the fact the people even consider C and D! to be A makes more sense here. upvoted 1 times ... ... ... Authenticity means Non-repudiation (Source of info is genuine or known) so D is not correct! Purpose vs. Cost effectiveness - Purpose should be aligned with Corporate governance/policies, sometimes regardless of the cost ----- Purpose? upvoted 1 times ... Data authenticity— Another term for the genuineness of data. · Data integrity— The data records are real and were not faked or modified. Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the Organization should that data be disclosed, altered or destroyed without authorization. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data. D is the correct answer. upvoted 3 times ... It is either A (because it is the purpose will determine whether we need to pick military scheme or commercial) or B (because the overarching goal of data classification is to give assets enough security but without paying more than it is needed). upvoted 2 times ... What are the areas for security concerns in cloud computing?Top 10 Security Concerns for Cloud-Based Services. Data Breaches. Cloud computing and services are relatively new, yet data breaches in all forms have existed for years. ... . Hijacking of Accounts. ... . Insider Threat. ... . Malware Injection. ... . Abuse of Cloud Services. ... . Insecure APIs. ... . Denial of Service Attacks. ... . Insufficient Due Diligence.. What is the first priority concern about cloud computing?Network performance is the predominant concern of enterprise class cloud users.
Which of the following is the most important area of concern in cloud computing security?What is the most important concern of cloud computing? Answer: C) Security is the most important concern of cloud computing.
Why is security a big concern in cloud computing *?An is the vulnerable part of Cloud Computing because it may be possible that these services are accessed by some third parties. So it may be possible that with the help of these services hackers can easily hack or harm our data. Account Hijacking is the most serious security issue in Cloud Computing.
|
