Certified Information Systems Security Professional (CISSP) — Question 93

Which of the following statements is MOST accurate regarding information assets?

Answer options

• A. International Organization for Standardization (ISO) 27001 compliance specifies which information assets must be included in asset inventory.
• B. Information assets include any information that is valuable to the organization.
• C. Building an information assets register is a resource-intensive job.
• D. Information assets inventory is not required for risk assessment.

Correct answer: B

Explanation

The correct answer is B because it accurately defines information assets as any information that holds value for the organization. Option A is incorrect as ISO 27001 compliance does not specify particular assets for inventory. Option C is misleading; while it can be resource-intensive, it is not universally true. Option D is false since an inventory of information assets is essential for effective risk assessment.