Certified Information Systems Security Professional (CISSP) — Question 44

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

Answer options

• A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
• B. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
• C. Data stewardship roles, data handling and storage standards, data lifecycle requirements
• D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

Correct answer: C

Explanation

The correct answer, C, highlights the importance of data stewardship roles and standards for handling and storing data, which are crucial for managing data throughout its lifecycle. Options A and B focus on system and compliance roles, which are less relevant to the classification of information itself. Option D emphasizes system authorization and cloud standards, which do not directly address the core factors of data stewardship and handling.