Four types of Data Classification (Choose two)

Four types of Data Classification (Choose two)

A. Restricted Data, Confidential Data

B. Project Data, Highly Confidential Data

C. Financial Data, Highly Confidential Data

D. Unrestricted Data, Highly Confidential Data

View Answer

Answer: A,D

Explanation:

Two types of data classification are restricted data and unrestricted data. Restricted data is data that has a high level of sensitivity or confidentiality, and requires strict protection from unauthorized access, disclosure, modification or destruction. Examples of restricted data include personal data, financial data, trade secrets, intellectual property, etc. Unrestricted data is data that has a low level of sensitivity or confidentiality, and can be freely accessed, disclosed, modified or destroyed without significant consequences. Examples of unrestricted data include public information, marketing materials, general news, etc. Data classification is a process of assigning categories or labels to data based on its value, sensitivity, criticality and legal requirements. Data classification helps to determine the appropriate level of security controls and handling procedures for different types of data. ISO/IEC 27001:2022 requires the organization to classify information in terms of legal requirements, value, criticality and sensitivity to unauthorized disclosure or modification (see clause A.8.2.1).

Reference: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course], ISO/IEC 27001:2022 Information technology ― Security techniques ― Information security management systems ― Requirements, What is Data Classification?