Which of the following is the MOST appropriate control for asset data labeling procedures?
Which of the following is the MOST appropriate control for asset data labeling procedures?
The most appropriate control for asset data labeling procedures is categorizing the types of media being used. Asset data labeling involves classifying and managing different types of media to ensure that data assets are correctly labeled and controlled. By categorizing the types of media, organizations can distinguish between various storage devices and apply consistent labeling practices. This process facilitates better organization, security controls, and proper handling of data assets across different media types.
Data categorization is a must for any organization.
A is correct
Isn't this issue about the control of the program itself
correct, it is the control of PROCEDURE, instead of asset management
We are talking about the data itself not the medium
The MOST appropriate control for asset data labeling procedures is option A: Categorizing the types of media being used. Asset data labeling procedures involve labeling and categorizing different types of media (such as physical storage devices, electronic media, or documents) to effectively manage and track data assets. Categorizing the types of media being used helps in identifying and distinguishing between different storage devices and media types, allowing for better organization and control. By categorizing the types of media, organizations can implement appropriate security controls and procedures tailored to each category. This includes assigning different levels of sensitivity or classification to data stored on specific media, implementing access controls based on media types, and applying specific handling and disposal procedures.
I go with B. While categorizing the types of media being used and reviewing audit trails of logging records are important controls, it may not be as directly relevant to asset data labeling procedures as logging data media to provide a physical inventory control.
The most appropriate control for asset data labeling procedures is B. Logging data media to provide physical inventory control. By logging the data media, organizations can keep track of all of the different types of media being used, such as CDs, USBs, hard drives, etc. Organizations can also use the logs to track the movement of data media within the organization, including any off-site storage access controls. Additionally, by logging data media, organizations can review audit trails of logging records to ensure that all data media is properly labeled and accounted for. Resources include National Institute of Standards and Technology (NIST) Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, and The National Archives, Guidance on the Management of Data Media Labeling.
official study guide P190, Marking Sensitive Data and Assets labeling has nothing to do with audit logs
The question is asking "control for asset data labeling". So how to label data that is an asset, for example an application or a database with customer info. A CMDB does that, that's where you store all this info, and everything is a Configuration Item and has all relevant info. So the answer is B.
Question is asking about labeling procedures. Options B, C and D have nothing to do with a labeling procedure. Answer is A.
A has to happen first before B. A is priority.
Answer A) Classification versus Categorization: Classification by itself is simply a system of classes set up by an organization to differentiate asset values and, therefore, protection levels. The act of assigning a classification level to an asset is called categorization. Ideally, all assets should be categorized into a classification system to allow them to be protected based on value. https://destcert.com/resources/domain-2-asset-security/
Assestment
Others seem irelevant