Certified Information Systems Security Professional – CISSP – Question378

What is the FIRST action a security professional needs to take while assessing an organization’s asset security in order to properly classify and protect access to data?

A.
Verify the various data classification models implemented for different environments.
B. Determine the level of access for the data and systems.
C. Verify if confidential data is protected with cryptography.
D. Determine how data is accessed in the organization.

Correct Answer: D