Certified Information Security Manager (CISM) — Question 1023

Which of the following is MOST helpful to an information security manager when determining service level requirements for an outsourced application?

Answer options

• A. Supplier business continuity plan (BCP)
• B. Information security policy
• C. Application capabilities
• D. Data classification

Correct answer: D

Explanation

Data classification is crucial because it helps determine the sensitivity and handling requirements of the data involved, which directly impacts service level requirements. The other options, while important, do not specifically address the different levels of data sensitivity and the implications for service levels as clearly as data classification does.