An organization wants to classify data based on its sensitivity and impact if disclosed. Which security principle is being applied?
Trap 1: Defense in depth
Defense in depth uses multiple layers, not data labeling.
Trap 2: Least privilege
Least privilege restricts access rights, but classification is about labeling data.
Trap 3: Data loss prevention
DLP enforces policies, but classification is a precursor.
- A
Defense in depth
Why wrong: Defense in depth uses multiple layers, not data labeling.
- B
Confidentiality, integrity, and availability (CIA)
Data classification directly supports confidentiality and integrity by applying appropriate controls.
- C
Least privilege
Why wrong: Least privilege restricts access rights, but classification is about labeling data.
- D
Data loss prevention
Why wrong: DLP enforces policies, but classification is a precursor.