What is the difference between a restricted and confidential document?

What is the difference between a restricted and confidential document?

A. Restricted – to be shared among an authorized group

Confidential – to be shared among named individuals

B. Restricted – to be shared among named individuals

Confidential – to be shared among an authorized group

C. Restricted – to be shared among named individuals

Confidential – to be shared across the organization only

D. Restricted – to be shared among named individuals

Confidential – to be shared with friends and family

Answer: B

Explanation:

The difference between a restricted and confidential document is that a restricted document is to be shared among named individuals, while a confidential document is to be shared among an authorized group. Restricted and confidential are examples of information classification levels that indicate the sensitivity and value of information and the degree of protection required for it. Restricted documents contain information that could cause serious damage or harm to the organization or its stakeholders if disclosed to unauthorized persons. Therefore, they should only be accessed by specific individuals who have a legitimate need to know and are authorized by the information owner. Confidential documents contain information that could cause damage or harm to the organization or its stakeholders if disclosed to unauthorized persons. Therefore, they should only be accessed by a defined group of people who have a legitimate need to know and are authorized by the information owner. ISO/IEC 27001:2022 requires the organization to classify information in terms of legal requirements, value, criticality and sensitivity to unauthorized disclosure or modification (see clause A.8.2.1).

Reference: CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training

Course, ISO/IEC 27001:2022 Information technology ― Security techniques ― Information security management systems ― Requirements, What is Information Classification?