Certified Information Security Manager (CISM) — Question 1096

Which of the following provides the BEST input to determine the level of protection needed for an IT system?

Answer options

• A. Vulnerability assessment
• B. Asset classification
• C. Threat analysis
• D. Internal audit findings

Correct answer: B

Explanation

Asset classification is crucial as it identifies the value and sensitivity of the assets, helping to determine the appropriate level of protection required. While vulnerability assessments, threat analyses, and internal audit findings provide valuable insights, they do not focus specifically on categorizing assets based on their importance, which is key to establishing protective measures.