Certified Information Security Manager (CISM) — Question 502
Which of the following should be an information security manager's MOST important consideration when determining if an information asset has been classified appropriately?
Answer options
- A. Value to the business
- B. Security policy requirements
- C. Ownership of information
- D. Level of protection
Correct answer: A
Explanation
The correct answer is A, as the value to the business is crucial in determining how critical the asset is and how it should be protected. While security policy requirements, ownership, and level of protection are important, they should align with the asset's value to the organization to ensure effective risk management.