Question 3
Domain 4: Transparency, Governance, and AccountabilityA governance team is preparing a public update about an internal initiative. Which approach best aligns with the principle of sharing information without exposing sensitive assets?
Correct answer: B
Explanation
Information may be shared when it communicates useful status or context without revealing sensitive assets. The key distinction is whether the disclosure exposes protected details, not whether any information is shared at all. — Determine what information can be shared without exposing sensitive assets.
Why each option is right or wrong
A. Publish detailed internal asset information so stakeholders can fully verify the initiative.
Information should be shared only if it does not expose sensitive assets.
B. Provide a high-level summary that informs stakeholders while withholding sensitive asset details.
The stated principle is to determine what information can be shared without exposing sensitive assets. A high-level summary satisfies the information-sharing goal while avoiding disclosure of the protected asset details mentioned in the scenario.
C. Avoid sharing any information because all organizational information should be treated as sensitive.
Information sharing is permitted when sensitive assets are not exposed.
D. Share only technical asset details because operational context is more sensitive than assets.
Sensitive assets are the information identified as requiring protection from exposure.