Certified Information Security Manager (CISM) — Question 1062

Which of the following is the PRIMARY objective of information asset classification?

Answer options

• A. Threat minimization
• B. Vulnerability reduction
• C. Risk management
• D. Compliance management

Correct answer: C

Explanation

The primary objective of information asset classification is risk management, as it helps organizations identify, evaluate, and prioritize risks associated with their assets. While threat minimization, vulnerability reduction, and compliance management are important, they are secondary to the overarching goal of effectively managing risks.