ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 234 discussion

Actual exam question from Isaca's CISA
Question #: 234
Topic #: 1
[All CISA Questions]

When classifying information, it is MOST important to align the classification to:

  • A. business risk.
  • B. data retention requirements.
  • C. industry standards.
  • D. security policy.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by mibg83 at June 7, 2023, 2:25 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Greens
2 days, 10 hours ago
Selected Answer: A
When classifying information, the primary goal is to ensure that the level of protection assigned to the data reflects its value and sensitivity to the organization. Therefore, classification should be based on business risk — including the potential impact of data disclosure, alteration, or loss. Why not the others? B. Data retention requirements Retention is a complementary consideration, but it does not drive classification. C. Industry standards These provide guidance, but may not fully align with the specific risks and needs of the organization. D. Security policy The security policy should be based on the classification, not the other way around. Policies enforce classification schemes, not define them.
upvoted 1 times
...
Malsaffar
5 months, 4 weeks ago
Selected Answer: A
A. business risk. This ensures that the classification reflects the potential impact of data loss or exposure on the organization, prioritizing protection based on the actual risks faced.
upvoted 1 times
...
Henga
1 year ago
A, based oncriticality
upvoted 1 times
...
Swallows
1 year, 2 months ago
Selected Answer: D
The classification of information assets functions like a label in determining the degree of control and management of information by value and importance.
upvoted 1 times
...
dan08
1 year, 3 months ago
Selected Answer: A
Isn't the usual classification is High, Mid, and Low? These are all relating to risks right. When classifying information, the most important consideration is to align the classification to business risk. Information classification involves categorizing data based on its level of sensitivity and importance.
upvoted 2 times
...
Aboodi000
1 year, 7 months ago
I will go withe Bessines risk A
upvoted 2 times
...
[Removed]
1 year, 7 months ago
Selected Answer: A
A. business risk.
upvoted 2 times
...
shiowbah
1 year, 9 months ago
A. business risk.
upvoted 2 times
...
cidigi
1 year, 9 months ago
C to me.
upvoted 1 times
...
3008
2 years ago
Selected Answer: D
D IS ANSWER
upvoted 2 times
3008
1 year, 12 months ago
Business risk is also an important consideration when classifying information, but it is typically addressed in the security policy. The security policy should identify the risks that the organization faces and the measures that should be implemented to mitigate those risks. The classification system should reflect the risks identified in the security policy, ensuring that sensitive data is protected appropriately.
upvoted 3 times
...
...
mibg83
2 years ago
Selected Answer: D
security police
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel