2 cissp ® Official Study Guide Eighth Edition


Confidential or Proprietary



Download 19,3 Mb.
Pdf ko'rish
bet166/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   162   163   164   165   166   167   168   169   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Confidential or Proprietary 
The 
confidential
or 
proprietary
label typically refers to the 
highest level of classified data. In this context, a data breach would cause exceptionally
grave damage to the mission of the organization. As an example, attackers have repeatedly 
attacked Sony, stealing more than 100 terabytes of data including full-length versions of 
unreleased movies. These quickly showed up on file-sharing sites and security experts esti-
mate that people downloaded these movies up to a million times. With pirated versions of the 
movies available, many people skipped seeing them when Sony ultimately released them. This 
directly affected their bottom line. The movies were proprietary and the organization might 
have considered it as exceptionally grave damage. In retrospect, they may choose to label 
movies as confidential or proprietary and use the strongest access controls to protect them.
Private 
The 
private
label refers to data that should stay private within the organization but 
doesn’t meet the definition of confidential or proprietary data. In this context, a data breach 
would cause serious damage to the mission of the organization. Many organizations label PII 
and PHI data as private. It’s also common to label internal employee data and some financial 
data as private. As an example, the payroll department of a company would have access to 
payroll data, but this data is not available to regular employees.
Sensitive 
Sensitive
data is similar to confidential data. In this context, a data breach would 
cause damage to the mission of the organization. As an example, information technology 
(IT) personnel within an organization might have extensive data about the internal network 
including the layout, devices, operating systems, software, Internet Protocol (IP) addresses
and more. If attackers have easy access to this data, it makes it much easier for them to 
launch attacks. Management may decide they don’t want this information available to the 
public, so they might label it as sensitive.


Identify and Classify Assets 

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   162   163   164   165   166   167   168   169   ...   881




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish