Which of the following helps to apply the proper security controls to information?
A. Data classification
C. Clean desk policy
Correct Answer: A
Section: Compliance and Operational Security
Information classification is done by confidentiality and comprises of three categories, namely: public use, internal use and restricted use. These categories make applying the appropriate policies and security controls practical.
B: Deduplication is a specialized data compression technique for eliminating duplicate copies of repeating data. Related and somewhat synonymous terms are intelligent (data) compression and single-instance (data) storage.
C: Clean Desk Policy Information on a desk — in terms of printouts, pads of note paper, sticky notes, and the like — can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk. This however applies only to a certain category of information.
D: Encryption of data/information is but one type of security control and the question is more concerned about the proper security controls that needs to be applied and when data is classified it makes the type of security control to be employed more appropriate.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 404, 409