Certified Information Systems Auditor (CISA) — Question 556

Which of the following statements appearing in an organization's acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets?

Answer options

• A. Information assets should only be accessed by persons with a justified need.
• B. All information assets must be encrypted when stored on the organization's systems.
• C. Any information assets transmitted over a public network must be approved by executive management.
• D. All information assets will be assigned a clearly defined level to facilitate proper employee handling.

Correct answer: D

Explanation

Option D is correct because assigning a classification level to information assets helps ensure that they are handled appropriately according to their sensitivity. While options A, B, and C address important aspects of information security, they do not directly relate to the establishment of clear data classification levels, which is critical for effective protection.