4: Data Protection

Question 1

Commercial Business Classification Levels

Answer 1

Public
Sensitive
Private
Confidential
Critical

Question 2

Government Classification Levels

Answer 2

Unclassified
Sensitive but Unclassified
Confidential
Secret
Top Secret

Question 3

Data Owner

Answer 3

A senior executive responsible for labeling information assets and ensuring they
are protected with appropriate controls

Question 4

Data Controller

Answer 4

Entity responsible for determining data storage, collection, and usage purposes
and methods, as well as ensuring the legality of these processes

Question 5

Data Processor

Answer 5

A group or individual hired by the data controller to assist with tasks like data
collection and processing

Question 6

Data Steward

Answer 6

Focuses on data quality and metadata, ensuring data is appropriately labeled and
classified, often working under the data owner

Question 7

Data Custodian

Answer 7

Responsible for managing the systems on which data assets are stored, including
enforcing access controls, encryption, and backup measures

Question 8

Privacy Officer

Answer 8

Oversees privacy-related data, such as personally identifiable information (PII),
sensitive personal information (SPI), or protected health information (PHI),
ensuring compliance with legal and regulatory frameworks