Maintaining Confidentiality

Correct Answer: Implement role-based access controls and maintain detailed access logs for all sensitive documents

Role-based access controls with detailed access logs is the most secure and professional approach to handling confidential information. This practice ensures: - Each team member has appropriate access based on their role - All document access is tracked and auditable - Compliance with data protection regulations - Clear accountability for information handling Other options are problematic because: Verbal authorization for sharing confidential information lacks documentation and accountability, making it difficult to track who accessed what and when. Standard team-wide access permissions fail to implement the principle of least privilege, potentially exposing sensitive data to team members who don't need it. Distributing decryption keys via email is risky as email is not a secure communication channel, and giving all team members access to encryption keys defeats the purpose of data protection measures.

Correct Answer: Verify the stakeholder's authorization level and provide access based on established security protocols

The best action is to verify the stakeholder's authorization level and provide access based on established security protocols. Here's why: Correct approach because: - It follows proper security and governance procedures - It respects existing organizational protocols - It ensures compliance while maintaining data protection - It demonstrates professional responsibility in handling sensitive information Why other options are less appropriate: Relying only on NDAs and verbal commitments is insufficient for sensitive data protection - formal authorization protocols should be followed. Waiting for senior management email approval creates unnecessary delays and bypasses established security protocols that may already define access levels. Requesting a written explanation alone doesn't address security requirements - proper authorization verification is essential regardless of the stated need for access.

Correct Answer: Apply encryption and store in a secure repository with restricted access

The best approach for handling confidential project documents during archival is to apply encryption and store them in a secure repository with restricted access. This solution provides multiple layers of security: 1. Encryption protects the actual content of the documents 2. A secure repository ensures physical/digital security 3. Restricted access maintains control over who can view the materials The other options are less effective because: Storing in a shared project management system poses risks as these systems may not have adequate security features for long-term confidential storage. Saving documents in multiple locations increases the risk of security breaches and makes access control more complicated to manage. Simply using password protection in a department database is insufficient for confidential documents, as standard databases may lack proper security protocols and encryption capabilities required for sensitive information.