CISA Certified Information Systems Auditor – Question0176

An organization is developing data classification standards and has asked internal audit for advice on aligning the standards with best practices. Internal audit would MOST likely recommend the standards should be:

A.
based on the results of an organization-wide risk assessment.
B. based on the business requirements for confidentiality of the information.
C. aligned with the organization’s segregation of duties requirements.
D. based on the business requirements for authentication of the information.

Correct Answer: C