What principle is fulfilled when an organization restricts access to sensitive data to authorized users?

The principle fulfilled when an organization restricts access to sensitive data to authorized users is confidentiality. This principle focuses on ensuring that information is accessible only to those who have the proper authorization. By implementing access controls, the organization can protect sensitive data from unauthorized access, thereby maintaining its confidentiality.

Confidentiality measures are essential in preventing data breaches and ensuring that sensitive information, such as personal data or intellectual property, is only available to individuals or systems that have a legitimate need to know. This aligns with the objectives of an information security management system (ISMS) under ISO/IEC 27001, where protecting sensitive information from exposure or disclosure is a fundamental requirement.

Other options relate to different aspects of information security. Integrity involves ensuring that information is accurate and trustworthy, availability focuses on ensuring that authorized users have access to information when needed, and non-repudiation relates to providing proof of the integrity and origin of data, ensuring that parties in a communication cannot deny the authenticity of their signatures or the messages they sent. Each principle plays a vital role in the overall framework of an ISMS, but in this context, the action of restricting access specifically pertains to maintaining confidentiality.