Certified Information Security Manager (CISM) — Question 1203

Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?

Answer options

• A. Information owner
• B. Information security steering committee
• C. Senior management
• D. Information security manager

Correct answer: C

Explanation

The correct answer is C, Senior management, as they are responsible for establishing the strategic direction and ensuring that the classification framework meets business objectives. Options A, B, and D may contribute to the process, but it is senior management that ultimately holds the primary responsibility for such strategic initiatives.