Which category of data would be classified as "confidential" under CIS Control 3?

The classification of data as "confidential" under CIS Control 3 primarily pertains to the sensitivity and potential impact associated with unauthorized access to certain types of information. Sensitive financial records are considered confidential because they contain critical information related to an organization's financial status, transactions, or personal data that, if disclosed, could lead to financial loss, reputational damage, or legal repercussions.

Sensitive financial records generally include details such as bank statements, investment records, tax returns, and information about financial transactions. These types of records require stringent security measures to prevent unauthorized access and to ensure compliance with regulations regarding financial information protection.

In contrast, publicly available data does not classify as confidential since it is accessible by anyone without restrictions. Data shared with partners may not be confidential unless it contains sensitive information that requires safeguarding through contractual means. Marketing materials typically do not fall under the confidential category, as they are often intended for broad distribution to promote a business's products or services. Thus, sensitive financial records are correctly identified as confidential data due to their inherent sensitivity and potential implications of being exposed.