Which of the following should be of MOST concern to an information security manager reviewing an organization’s data classification program?
A. The program allows exceptions to be granted.
B. Labeling is not consistent throughout the organization.
C. Data retention requirement are not defined.
D. The classifications do not follow industry best practices.
A. The program allows exceptions to be granted.
B. Labeling is not consistent throughout the organization.
C. Data retention requirement are not defined.
D. The classifications do not follow industry best practices.