Exam CISSP topic 1 question 68 discussion

B. official study guide, P182. data classification only protects data confidentiality and integrity, it has nothing to do with availability. A data classification identifies the value of the data to the organization and is critical to protect data confidentiality and integrity.

C would be right if it aligns with the risk tolerance of the organization, why ensure the CIA if it does not align with your goals? the best choice is B

Here's a breakdown of how data classification contributes to these principles: Integrity: Proper classification helps identify data that requires strict controls to prevent unauthorized modifications. Confidentiality: Sensitive data can be assigned appropriate classification levels to restrict access and protect against disclosure. Availability: Data classification helps determine which data is critical for business operations and requires robust backup and recovery plans.

It is B. It has nothing to do with C-I-A. Espacially nothing with availability!

Getting us back on the right course. B. To ensure security controls align with organizational risk appetite This is correct. ive seen different flavors of this same question. Data classification is primarily used to determine the appropriate security controls on it that align with the business risk appetite. this is the correct answer every time. Simply classifying it doesnt ensure jack anything. you need the controls. B

Correct answer is B you do not need data classification to protect the CIA. But you need it to adapt the appropriate controls to the level of sensitivity you classified the asset

Cissp 9th official guide chapter 5.1.2 page 157. The description of classification. It mentioned classification recognize the value of the data. It is important to protect the data integrity and confidentiality.

Answer B) Data classification helps you provide the right level of protection based on the data's value, sensitivity, and the risk posed to the organization if that data is lost, stolen, or exposed

C. To ensure its integrity, confidentiality and availability

B Think like a manager, or perhaps a CISO.

The correct answer is B Data classification is important to enable security controls that align with an organization's risk appetite, so option B is correct. Properly classifying data allows applying security controls at levels commensurate with the data's sensitivity and criticality to the business. This ensures controls match the organization's priorities and risk profile. Option A is a benefit of classification but not the core purpose. Option C states generic goals rather than strategic alignment. Option D is also a secondary advantage, not the primary driver.

B. because it's all about Risk when comes to protecting the Data = values. Risk appetite in NIST definition is "The types and amount of risk, on a broad level, [an organization] is willing to accept in its pursuit of value."

though C sounds good, data classification contribute to confidentiality and integrity and less for availability, therefore I think "To ensure security controls align with organizational risk appetite" is the better answer

Option B, "To ensure security controls align with organizational risk appetite," is indeed a valid reason for why data classification control is important to an organization. Data classification helps organizations align their security controls with their risk appetite by enabling them to identify and prioritize the protection of sensitive or critical data. It allows organizations to allocate resources and apply appropriate security measures based on the classification of data and the associated risks. By classifying data, organizations can determine the level of security controls and safeguards needed for each classification category. This ensures that security measures are proportionate to the level of risk associated with the data. It helps organizations focus their efforts and resources on protecting the most sensitive or high-risk data, while also ensuring that less critical data receives appropriate levels of protection. So, both option B ("To ensure security controls align with organizational risk appetite") and option C ("To ensure its integrity, confidentiality, and availability") are valid reasons for the importance of data classification control.

Data classification, public data, internal data, confidential data, and restricted data Data classification helps organizations understand the sensitivity and criticality of their data. By classifying data based on its importance, organizations can align their security controls and measures with their risk appetite. This ensures that appropriate security controls are applied to protect data according to its classification level.

The only thing that makes sense is D , C although its the most popular makes no sense .how can data classification achieve CIA ? E.g in Biba or Bell lapadula do you have all 3s from CIA ? Makes no sense .

I think is D for C the data classification can't address the availability and integrity For appetite not make sense, beacause the security strategy must driven by the business address (remember think first in human life, second in the business) for D the data retention involve a business process (example match with PCI regulation) so the business need to classify the data in orden to know with which data and if this data address with a regulation importan to the business