ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CGEIT All Questions

View all questions & answers for the CGEIT exam
Go to Exam

Exam CGEIT topic 1 question 441 discussion

Actual exam question from Isaca's CGEIT
Question #: 441
Topic #: 1
[All CGEIT Questions]

Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?

  • A. Information security policy
  • B. Business impact
  • C. Information architecture
  • D. Industry standards
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by yihwen at June 20, 2023, 4:56 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
yihwen
1 year, 7 months ago
Selected Answer: B
B. Business impact. Establishing categories within an information classification scheme is typically done to ensure that information assets are appropriately protected based on their value and sensitivity. Business impact is a critical factor in determining the level of protection and controls required for different types of information. By considering the business impact, organizations can assess the potential consequences of unauthorized disclosure, alteration, or loss of information. Information assets with higher business impact, such as confidential customer data, intellectual property, or financial records, may require stricter controls and a higher classification level to safeguard their confidentiality, integrity, and availability.
upvoted 3 times
SuperMax
10 months, 3 weeks ago
While all the options mentioned can play a role in establishing categories within an information classification scheme, the business impact is typically the primary consideration. Understanding the impact of the information on the organization's operations, reputation, legal requirements, and other factors helps determine the appropriate level of protection and handling procedures for different types of information. The information security policy, information architecture, and industry standards are important considerations as well, but they often derive from or align with the business impact assessment. Ultimately, the goal of information classification is to ensure that information receives an appropriate level of protection and handling based on its importance to the organization, which is closely tied to its business impact.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel