An organization is developing data classification standards and has asked internal audit for advice on aligning the standards with best practices. Internal audit would MOST likely recommend the standards should be:
A. based on the business requirements for confidentiality of the information.
B. aligned with the organization's segregation of duties requirements.
C. based on the results of an organization-wide risk assessment.
D. based on the business requirements for authentication of the information.
Answer: A
Data classification standards are primarily designed to ensure that different types of data are handled appropriately based on their sensitivity and confidentiality requirements.
Data classification can be based on a variety of taxonomies, including data sensitivity, data type, regulatory requirements, etc. The taxonomy an organization uses will depend on its unique needs, i.e. the results of its risk assessment.
Option C (risk assessment): This is the CORRECT answer. A risk assessment comprehensively identifies and evaluates potential threats to the organization's data. By understanding the risks, the organization can create data classification standards that prioritize data based on its sensitivity and potential impact if compromised. This ensures proper security measures are implemented for the most critical data.
suggests that the standards should be based on the results of an organization-wide risk assessment. This is a recommended approach to data classification as it ensures that the classification is based on the risk of harm that could result from the unauthorized disclosure, modification or destruction of the information. This approach is aligned with best practices because it helps the organization to identify and prioritize the protection of its most sensitive and valuable data. By classifying data based on the results of a risk assessment, the organization can apply appropriate controls to protect it, such as access controls, encryption, and backup and recovery procedures.
Is confidentiality the only security goal you know of?