Certified Information Security Manager (CISM) — Question 131

Which of the following is the PRIMARY driver for determining the classification of application systems?

Answer options

• A. The cost of repairing damage to system elements
• B. The extent that compromise can affect revenue
• C. The cost to implement regulatory requirements
• D. Controlling access based on the need to know

Correct answer: B

Explanation

The correct answer is B, as the impact of a compromise on revenue is a critical consideration for classifying application systems. Options A and C focus on costs associated with damage and compliance, which are important but secondary to the potential financial impact. Option D pertains to access control, which is relevant but not the primary driver for classification.