Data Classification and Impact Assessment Questions

Frameworks and practices for categorizing data by sensitivity and regulatory or business requirements, and for assessing the impact when data is exposed. Candidates should be able to explain classification tiers such as public, internal, sensitive, and restricted, describe methods for discovering and mapping sensitive data across systems, and estimate business and compliance impact of different types of data loss. Expect to discuss controls that reduce impact including encryption, access controls, retention policies, and logging, as well as how to prioritize notification and remediation based on potential exposure and business criticality. Also cover coordination with privacy, legal, and business owners during incident response and post incident reporting.