A security mindset is the ability to evaluate risk and constantly seek out and identify the potential or actual bre_________ of a system, application, or data.

This data classification does not need extra security protections. pub______ data is already accessible and poses a minimal risk to the organization if viewed or shared by others. Although this data is open , it still needs to be protected from security attacks. Example include press releases, job descriptions, and marketing materials.

This data classification type has a higher security level. pri_______ data is information that should be kept from the public. If an individual gains unauthorized access to this data, that event has the potential to pose a serious risk to an organization.

sens_________ data includes personally identifiable information (PII), ssens_________ personally identifiable information (SPII), and protected health information (PHI). Examples of these types of sens_________ data are banking account numbers, usernames and passwords, social security numbers (which U.S. citizens use to report their wages to the government), passwords, passport numbers, and medical information.

This data classification type is important for an organization’s ongoing business operations. confi________ data often has limits on the number of people who have access to it. Access to confi________ data sometimes involves the signing of non-disclosure agreements (NDAs)— legal contracts that bind two or more parties to protect information—to further protect the confidentiality of the data.

Asset classi___________ means labeling assets based on sensitivity and importance to an organization. The classi___________ of an organization's assets ranges from low- to high-level.

• The first step in the information lifecycle is to id__________ the important assets to the company, including sensitive customer information such as PII, financial information, social security numbers, and EINs.