試験CISSP-JP トピック4 問題1054 スレッド

The best example to minimize the attack surface for a customer's private information is collection limitation.
Collection limitation is a principle of data protection that states that the collection of personal data should be limited to the minimum necessary for the specified purpose, and that the data should be obtained by lawful and fair means, with the consent of the data subject. Collection limitation reduces the attack surface for a customer's private information, as it reduces the amount and scope of the data that is exposed to potential threats, and ensures that the data is collected in a legitimate and transparent manner. Obfuscation, authentication, and data masking are not examples of minimizing the attack surface, but rather examples of protecting the data that is already collected. Obfuscation is a technique of obscuring or hiding the meaning or intent of the data, such as by using encryption, hashing, or encoding. Authentication is a process of verifying the identity or credentials of a user or a system that requests access to the data. Data masking is a technique of replacing or modifying the sensitive data with fictitious or anonymized data, such as by using pseudonymization, tokenization, or generalization. References: Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 2: Asset Security, page 115.