Asset security
⏱ ~3-min readAceMark GuideWhat this topic is really about
The data owner holds accountability for classifying the data and determining appropriate access and protection requirements. The data custodian merely implements and maintains the controls the owner specifies, the processor acts on the data under instruction, and the user simply consumes it, so none of them defines classification and access policy.
Confidentiality is violated when sensitive information is accessed by unauthorized individuals.. Confidentiality ensures that sensitive information is only accessible to authorized individuals, which is directly violated when a customer list is leaked to a competitor.
See the mechanism
The CIA triad consists of Confidentiality, Integrity, and Availability. A diagram for this topic isn't available yet — the worked example below walks the same reasoning step by step.
An exam-style question, fully explained
An employee emails a customer list to a competitor. Which CIA element is most directly violated?
- Identify what the question tests: An employee emails a customer list to a competitor..
- Confidentiality ensures that sensitive information is only accessible to authorized individuals, which is directly violated when a customer list is leaked to a competitor.
- Integrity refers to preventing unauthorized modification of data, which is not the primary issue in an unauthorized data disclosure.
- Why it matters: The CIA triad consists of Confidentiality, Integrity, and Availability. In this scenario, the employee emailing a customer list to a competitor directly violates Confidentiality, as sensitive information is being disclosed to an unauthorized party. This is not primarily an issue of Integrity, as the data itself is not being modified, nor is it an issue of Availability, as the data is being made accessible to someone it shouldn't be, rather than being denied to those who should have it.
Traps the examiner sets
- Many people confuse Integrity and Confidentiality, thinking that any breach of data handling is primarily an Integrity issue, but in cases of unauthorized disclosure, Confidentiality is the primary concern.
- Integrity refers to preventing unauthorized modification of data, which is not the primary issue in an unauthorized data disclosure.
Test your recall
Answer each from memory — you'll see instantly whether you're right and why.
Run a focused 10-question mini-mock on Asset security and see it stick.
Practice more of this topic →