Certified Information Security Manager (CISM) — Question 645

The business value of an information asset is derived from:

Answer options

• A. its replacement cost.
• B. the risk assessment.
• C. its criticality.
• D. the threat profile.

Correct answer: C

Explanation

The correct answer is C, as the criticality of an information asset directly impacts its importance to business operations and decision-making. Options A, B, and D, while relevant to assessing risk and cost, do not specifically address how an asset's value is determined in the context of its significance to the organization.