Are you studying for the CISSP certification?
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
What is the initial step when performing data classification?
Establish ownership.
Define access rules.
Perform a criticality analysis.
Create a data dictionary.
The correct response is Establish ownership. To implement a classification scheme, you must perform seven major steps, or phases: 1. Identify the custodian, and define their responsibilities. 2. Specify the evaluation criteria of how the information will be classified and labeled. 3. Classify and label each resource. (The owner conducts this step, but a supervisor should review it.) 4. Document any exceptions to the classification policy that are discovered, and integrate them into the evaluation criteria. 5. Select the security controls that will be applied to each classification level to provide the necessary level of protection. 6. Specify the procedures for declassifying resources and the procedures for transferring custody of a resource to an external entity. 7. Create an enterprise-wide awareness program to instruct all personnel about the classification system.
References: Stewart, J. M., Chapple, M., & Gibson, D. (2015). CISSP: Certified Information Systems Security Professional Study Guide.
Edit: The Data Owner and Data Custodian are two different titles -- Shouldn't the answer be "Establish custodian"?
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.