Certified Information Security Manager (CISM) — Question 580

Which of the following is MOST important to consider when determining the criticality and sensitivity of an information asset?

Answer options

• A. Results of business continuity testing
• B. Number of threats that can impact the asset
• C. Investment required to protect the asset
• D. Business functions supported by the asset

Correct answer: D

Explanation

The correct answer is D because understanding the business functions supported by the asset helps in assessing its criticality to organizational operations. Options A, B, and C, while relevant, do not directly address the asset's role in supporting core business activities, which is essential for determining its importance.