If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?
If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?
If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, the most likely outcome is that the impact of an organizational data breach will be more severe than if the data had been segregated. Combining both high and low sensitivity data increases the risk that, if a breach occurs, the attacker can access all categories of data, leading to potentially more significant damage. Therefore, segregating data based on its sensitivity can help to mitigate the risk and impact of breaches.
Answer: B "Holding all data in one system can increase the consequences of a single breach” Excerpt From: “IAPP_US_TB_US-Private-Sector-Privacy-3E_1.0.” Apple Books.
See Abae's explanation.
I wonder who is making the suggestions for answers, as sometimes those are ridiculous. Of course it is B.
Answer B
Data that is more sensitive (such as trade secrets and business plans) generally requires greater protection than other information held by the organization. It may be “segregated from less sensitive data,” through access controls that enable only authorized individuals to retrieve the data, or even kept in an entirely separate system. Option B. If all data is held in the same system, temporary or lower-level employees might gain access to sensitive data. “Holding all data in one system can INCREASE the consequences of a SINGLE BREACH.” Option A. In the United States, classification is often important for compliance purposes because of sector-specific privacy and security laws. Option D. An effective data classification system HELPS an organization address compliance audits for a particular type of data, respond to “ legal discovery requests without producing more information than necessary, and use storage resources in a cost-effective manner.”