CISM Certified Information Security Manager – Question 0232

It is important to classify and determine relative sensitivity of assets to ensure that:

A. cost of protection is in proportion to sensitivity.
B. highly sensitive assets are protected.
C. cost of controls is minimized.
D. countermeasures are proportional to risk.

Correct Answer: D

Explanation:

Classification of assets needs to be undertaken to determine the sensitivity of assets in terms of risk to the business operation, so that proportional countermeasures can be effectively implemented. While higher costs are allowable to protect sensitive assets, and it is always reasonable to minimize the costs of controls, it is most important that the controls and countermeasures are commensurate with the risk, since this will justify the costs. Choice B is important, but it is an incomplete answer because it does not factor in risk. Therefore, choice D is the most important.