CISM Certified Information Security Manager – Question0645
The information classification scheme should: A. consider possible impact of a security breach. B. classify personal information in electronic form. C. be performed by the information security manager. D. classify systems according to the data processed.
Correct Answer: A
Explanation:
Explanation:
Data classification is determined by the business risk, i.e., the potential impact on the business of the loss, corruption or disclosure of information. It must be applied to information in all forms, both electronic and physical (paper), and should be applied by the data owner, not the security manager. Choice B is an incomplete answer because it addresses only privacy issues, while choice A is a more complete response. Data classification is determined by the business risk, i.e., the potential impact on the business of the loss, corruption or disclosure of information. It must be applied to information in all forms, both electronic and physical (paper), and should be applied by the data owner, not the security manager.
Please disable your adblocker or whitelist this site!