Certified Information Systems Security Professional (CISSP) — Question 462

Which of the following criteria ensures information is protected relative to its importance to the organization?

Answer options

• A. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification
• B. The value of the data to the organization's senior management
• C. Organizational stakeholders, with classification approved by the management board
• D. Legal requirements determined by the organization headquarters' location

Correct answer: A

Explanation

Option A is correct because it encompasses all the essential criteria for protecting information based on its importance, including legal requirements and sensitivity. The other options focus on narrower aspects, such as management's perspective (B), stakeholder involvement (C), or location-based legalities (D), which do not fully address the broader criteria for information protection.