Certified Information Systems Auditor (CISA) — Question 350

Which of the following is the BEST source of information for examining the classification of new data?

Answer options

• A. Current level of protection
• B. Input by data custodians
• C. Security policy requirements
• D. Risk assessment results

Correct answer: C

Explanation

The correct answer is C, as security policy requirements outline the necessary classifications and protections for different types of data. Options A and B provide contextual information but do not establish official guidelines, while D focuses on potential threats rather than classification standards.