Certified Information Security Manager (CISM) — Question 856

An information security team has been tasked with identifying confidential data within the organization to formalize its asset classification scheme. The MOST relevant input would be provided by:

Answer options

• A. business process owners.
• B. the legal department.
• C. the chief information officer (CIO).
• D. database administrators (DBAs).

Correct answer: A

Explanation

Business process owners have direct knowledge of the data generated and processed within their departments, making them the most valuable source for identifying confidential information. While the legal department, CIO, and DBAs can contribute insights, they do not possess the same level of detail about the operations and data classifications necessary for this task.