A company recently developed a breakthrough technology. Since this technology could give this
company a significant competitive edge, which of the following would FIRST govern how this
information is to be protected?
A.
Access control policy
B.
Data classification policy
C.
Encryption standards
D.
Acceptable use policy
Explanation:
Data classification policies define the level of protection to be provided for each category of data.
Without this mandated ranking of degree of protection, it is difficult to determine what access
controls or levels of encryption should be in place. An acceptable use policy is oriented more
toward the end user and, therefore, would not specifically address what controls should be in
place to adequately protect information.