Certified Information Systems Auditor (CISA) — Question 940

What is the PRIMARY reason for an organization to classify the data stored on its internal networks?

Answer options

• A. To comply with the organization's data policies
• B. To follow industry best practices
• C. To implement data protection requirements
• D. To determine data retention policy

Correct answer: C

Explanation

The primary purpose of classifying data is to implement data protection requirements, ensuring that sensitive information is adequately safeguarded. While complying with data policies, following best practices, and determining retention policies are important, they are secondary to the necessity of protecting the data itself.