A company uses a method where file creators decide who can view or edit their documents. A department manager unintentionally provided external analysts with access to restricted data. Which measure most effectively lowers the likelihood of this happening again?
Adopt a system that organizes permissions based on predefined job function groups
Encourage file creators to consult with support resources when altering permissions
Focus on network segmentation as an independent measure, apart from file-sharing changes
Use classification labels enforced by a system to reduce reliance on owner-based decisions
Classification labels managed by a structured mechanism help limit errors when file owners decide who can access data. Policies such as seeking help from support resources or segregation measures may reduce some problems but do not prevent owners from granting too much access. Group-based permissions also help but still rely on the original owner’s decisions for roles outside standard functions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are classification labels in access control?
Open an interactive chat with Bash
How do classification labels differ from group-based permissions?
Open an interactive chat with Bash
How can classification labels prevent over-permission mistakes?