CISM Certified Information Security Manager – Question0287

Which of (lie following would be the MOST relevant factor when defining the information classification policy?

A.
Quantity of information
B. Available IT infrastructure
C. Benchmarking
D. Requirements of data owners

Correct Answer: D

Explanation:

Explanation: When defining the information classification policy, the requirements of the data owners need to be identified. The quantity of information, availability of IT infrastructure and benchmarking may be part of the scheme after the fact and would be less relevant.