Certified Information Security Manager (CISM) — Question 443

When developing an asset classification program, which of the following steps should be completed FIRST?

Answer options

• A. Implement a data loss prevention (DLP) system.
• B. Categorize each asset.
• C. Create a business case for a digital rights management tool.
• D. Create an inventory.

Correct answer: D

Explanation

The first step in developing an asset classification program is to create an inventory, as it allows organizations to identify and understand what assets they have. Without an accurate inventory, categorizing assets or implementing protective measures like a DLP system would be ineffective, as the organization wouldn't know what needs to be classified or protected.