Securing Corporate Data: CASP+ Exam Question Answer - CompTIA CAS-003

Dividing Data for Effective Security: CASP+ Exam Question Answer

Question

Engineers at a company believe a certain type of data should be protected from competitors, but the data owner insists the information is not sensitive.

An information security engineer is implementing controls to secure the corporate SAN.

The controls require dividing data into four groups: non-sensitive, sensitive but accessible, sensitive but export-controlled, and extremely sensitive.

Which of the following actions should the engineer take regarding the data?

Answers

Explanations


A. B. C. D.

C.

The situation described in the question highlights a disagreement between engineers and the data owner regarding the sensitivity of certain data. However, as an information security engineer, it is your responsibility to evaluate the data and determine the appropriate level of protection required.

To address the issue of data protection, the information security engineer has proposed dividing the data into four groups: non-sensitive, sensitive but accessible, sensitive but export-controlled, and extremely sensitive. The engineer must evaluate the data and decide which group the data belongs to, based on its sensitivity level.

Based on the information provided in the question, it is unclear whether the data is sensitive or not. Therefore, the engineer should conduct a thorough analysis to determine the sensitivity level of the data. The engineer should consider factors such as the potential impact of the data being compromised, the potential consequences of the data falling into the wrong hands, and the legal and regulatory requirements surrounding the data.

Once the engineer has evaluated the data, they can determine the appropriate label and apply it: non-sensitive, sensitive but accessible, sensitive but export-controlled, or extremely sensitive.

In summary, the information security engineer should conduct a thorough analysis of the data to determine its sensitivity level and apply the appropriate label based on that determination.