Certified Chief Information Security Officer (CCISO) — Question 68
What is the relationship between information protection and regulatory compliance?
Answer options
- A. That all information in an organization must be protected equally.
- B. The information required to be protected by regulatory mandate does not have to be identified in the organization's data classification policy.
- C. There is no relationship between the two.
- D. That the protection of some information such as National ID information is mandated by regulation and other information such as trade secrets is protected based on business need.
Correct answer: D
Explanation
The correct answer is D because regulatory requirements dictate that sensitive information like National ID information must be protected, while other types of information, such as trade secrets, are handled based on the organization's business needs. Option A is incorrect as not all information has the same level of protection. Option B is wrong because regulatory requirements should be reflected in the data classification policy, and Option C is incorrect as there is a clear relationship between information protection and compliance.