A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types: 1. Financially sensitive data 2. Project data 3. Sensitive project data The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less…

QuestionsCategory: CAS-003A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types: 1. Financially sensitive data 2. Project data 3. Sensitive project data The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less…
Admin Staff asked 6 months ago
A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types:
1. Financially sensitive data
2. Project data
3. Sensitive project data
The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less secure location. Some stakeholders are concerned about the recommended approach and insist that commingling data from different sensitive projects would leave them vulnerable to industrial espionage.
Which of the following is the BEST course of action for the analyst to recommend?

A. Conduct a quantitative evaluation of the risks associated with commingling the data and reject or accept the concerns raised by the stakeholders.

B. Meet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks.

C. Use qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data.

D. Increase the number of available data storage devices to provide enough capacity for physical separation of non-sensitive project data.








 

Suggested Answer: B

Community Answer: B



This question is in CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.

Next Post

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.