CISM Certified Information Security Manager – Question0267

A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected?

A.
Access control policy
B. Data classification policy
C. Encryption standards
D. Acceptable use policy

Correct Answer: B

Explanation:

Explanation:
Data classification policies define the level of protection to be provided for each category of data. Without this mandated ranking of degree of protection, it is difficult to determine what access controls or levels of encryption should be in place. An acceptable use policy is oriented more toward the end user and, therefore, would not specifically address what controls should be in place to adequately protect information.