# Data Discovery and Classification Tools One-sentence definition: Scanners and ML-driven tools that locate sensitive data and assign labels to drive controls. ## Key Facts - Techniques: pattern matching, dictionaries, ML models, context rules. - Coverage: endpoints, file shares, databases, cloud/SaaS, email. - Integrations: DLP, CASB, DRM, SIEM for enforcement/alerting. - Manage false positives/negatives; tune and approve labels. - Report coverage & gaps for governance dashboards. - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Choose discovery method for a given repository. **Mnemonic:** “Find → Flag → Force controls.” ## Mini Scenario Q: Unknown PII on shared drives—first step? A: Run discovery scans and apply classification/permissions. ## Revision Checklist - Name 3 locations to scan. - Explain how labels trigger controls. - State a tuning step. ## Related [[Data Classification Levels and Handling Rules]] · [[Data Labeling and Marking]] · [[Data Loss Prevention (DLP)]] · [[CASB and SSPM/CSPM Overview]] · [[Shadow IT and Unsanctioned Data Stores]] · [[Domain 2 - Index]]