kabwitte
Highly Voted 1 year, 5 months ago
Official (ISC)² Guide to CISSP CBK Fourth Edition - Page 207 ...The purpose of a classification system is to ensure information is marked in such a way that only those with an appropriate level of clearance can have access to the information. I will go with A. Can we classify data if we don't know what it is used for [purpose]? If it is used to support our Top Secret operations, should we label it Top Secret? Just trying to apply some logic to my answer :] Challenge me if you like
upvoted 13 times
8006
1 year, 4 months ago
correct answer is A
upvoted 3 times
...
It is A. When you write a report, you need a purpose defined first. It is the same case for a data classification scheme.
upvoted 1 times
...
...
Renee69
Highly Voted 1 year, 11 months ago
D is the correct answer, as Authenticity is the quality of being authentic. It is a validity factor of an individual which proves that they are authorized to have access to any confidential data, which falls under Confidentiality of the CIA Triad. //www.cmu.edu/iso/governance/guidelines/data-classification.html
upvoted 8 times
Authenticity = Real or Integrity Authentication = Confirming identity
upvoted 1 times
...
Authenticity doesn't mean confidentiality, and you can have a classification scheme only concerned about confidentiality, even more so than with integrity or authenticity
upvoted 1 times
...
...
Backupz
Most Recent 2 weeks, 6 days ago
Selected Answer: A
I will go with A
upvoted 1 times
...
Selected Answer: A
A: Purpose of different sets of data is a factor in deciding how the data classification scheme will be.
upvoted 1 times
...
Selected Answer: A
The fact there are 32 comments here arguing why we need to classify the data proves the answer is A
upvoted 1 times
...
A for me.
upvoted 1 times
...
D is correct. The key here is "PRIMARY concern" not why are you classifying data. The primary concern is that authentic users are classified for the correct data.
upvoted 1 times
...
I vote for D. Official book: ...Organizations typically include data classifications in their security policy, or in a separate data policy. A data classification identifies the value of the data to the organization and is critical to protect data confidentiality and integrity... authenticity = integrity
upvoted 1 times
...
Security revolves around cost effectiveness. When building a classification scheme, the main focus is the value of the data [be it monetary or otherwise, since others mentioned PII]. Purpose would never be the answer, since "how the data will be used" is never considered in classification, and quoting the AIO [Shon Harris]: "How the data will be used has no bearing on how sensitive it is. In other words, the data is sensitive no matter how it will be used—even if it is not used at all." Authenticity is the quality of being authentic, and although important, is not the primary focus of a classification scheme, especially when confidentiality is the focus.
upvoted 1 times
...
8006
1 year, 4 months ago
The correct answer is A. Data classification allows the identification and prioritization of information. In order to know the type of protections, the amount to spend on those protections, and the true value of the information, classification is required. Labeled information helps senior management make better decisions. Classification labels are used to determine information sensitivity and what it would cost the company if there is disclosure.
upvoted 3 times
...
If I am to decide which classification to label on something, I would make sure of the authenticity of that information, because faulty information leads to waste of time and money. I will stick with D on this one.
upvoted 1 times
I agree. You may have the right intentions [purpose], but that won't help unless the data is authentic.
upvoted 1 times
...
...
A is the correct Answer, Purpose
upvoted 3 times
8006
1 year, 4 months ago
...
...
B is the correct answer. Data classification is a critical step. It allows organizations to identify the business value of unstructured data at the time of creation, separate valuable information that may be targeted from less valuable information, and make informed decisions about resource allocation to secure data from unauthorized access. ref: //edge.siriuscom.com/security/7-steps-to-effective-data-classification
upvoted 4 times
Think like a manager. They care about cost. I go with B as well.
upvoted 3 times
...
I just cannot disagree with you after reading the Shon Harris CISSP book. INFORMATION CLASSIFICATION, CISSP All-In-One Exam Guide, 7th Edition, Shon Harris - Kindle version - The rationale behind assigning values to different types of data is that it enables a company to gauge the amount of funds and resources that should go towards protecting each type of data, because not all data has the same value to a company. Looks like I will have to go with B. Doesn't feel right, but the Bible says so. lol
upvoted 2 times
...
...
First you classify the scheme and then you protect it with controls availability/authenticity and Cost effectiveness comes in AFTER the data classification. Purpose defines its significance and associated risks etc. It should be A.
upvoted 3 times
Your explanation makes me pick A over B. I don't even know how people are taking C & D as options.
upvoted 1 times
Have to agree about the fact that people even consider C and D! to be A makes more sense here.
upvoted 1 times
...
...
...
Authenticity means Non-repudiation [Source of info is genuine or known] so D is not correct! Purpose vs. Cost effectiveness - Purpose should be aligned with Corporate governance/policies, sometimes regardless of the cost ----- Purpose?
upvoted 1 times
...
Data authenticity— Another term for the genuineness of data. · Data integrity— The data records are real and were not faked or modified. Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the Organization should that data be disclosed, altered or destroyed without authorization. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data. D is the correct answer.
upvoted 3 times
...
It is either A [because it is the purpose that will determine whether we need to pick military scheme or commercial] or B [because the overarching goal of data classification is to give assets enough security but without paying more than is needed].
upvoted 2 times
...