Certified in the Governance of Enterprise IT (CGEIT) — Question 108

Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?

Answer options

• A. Information security policy
• B. Business impact
• C. Information architecture
• D. Industry standards

Correct answer: B

Explanation

The primary basis for categorizing information in a classification scheme should be business impact, as it directly relates to how the information affects the organization's operations and risk management. While the other options like information security policy and industry standards are important, they serve more as guidelines rather than the core determinant for classification.