Certified Information Security Manager (CISM) — Question 358

Which of the following is the GREATEST benefit of information asset classification?

Answer options

• A. Supporting segregation of duties
• B. Defining resource ownership
• C. Providing a basis for implementing a need-to-know policy
• D. Helping to determine the recovery point objective (RPO)

Correct answer: C

Explanation

The correct answer is C, as classifying information assets provides the necessary framework to enforce a need-to-know policy effectively. Options A, B, and D, while beneficial, do not address the core advantage of ensuring that sensitive information is accessed only by those who require it for their roles.