Certified Information Systems Auditor (CISA) — Question 626

Which of the following is the PRIMARY reason that asset classification is vital to an information security program?

Answer options

• A. To ensure risk mitigation efforts are adequate
• B. To ensure asset protection efforts are in line with industry standards
• C. To ensure sufficient resources are allocated for information security
• D. To ensure the appropriate level of protection to assets

Correct answer: D

Explanation

The correct answer, D, emphasizes that asset classification helps identify the necessary level of security needed for different types of assets. While the other options address important aspects of information security, they do not directly highlight the essential role of classification in determining specific protection levels for assets.