Certified Information Systems Security Professional (CISSP) — Question 469

Why is data classification control important to an organization?

Answer options

• A. To enable data discovery
• B. To ensure security controls align with organizational risk appetite
• C. To ensure its integrity, confidentiality and availability
• D. To control data retention in alignment with organizational policies and regulation

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of aligning security controls with the organization's risk appetite, ensuring that security measures are appropriate for the level of risk the organization is willing to accept. Options A, C, and D, while relevant to data management, do not specifically address the alignment of security with organizational risk, which is crucial for effective risk management.