Certified Information Systems Auditor (CISA) — Question 393

When classifying information, it is MOST important to align the classification to:

Answer options

• A. business risk.
• B. data retention requirements.
• C. industry standards.
• D. security policy.

Correct answer: A

Explanation

Aligning information classification with business risk is essential because it ensures that sensitive data is protected in accordance with the potential impact on the organization. The other options, while important, do not prioritize the overall risk to the business, which is the primary concern in information classification.