Exam CISM topic 1 question 999 discussion

Actual exam question from Isaca's CISM
Question #: 999
Topic #: 1

Which of the following should be done FIRST when developing an information asset classification policy?

  • A. Identify accountability for information assets throughout the organization.
  • B. Establish the criteria that define an asset's classification level.
  • C. Identify existing security measures for protecting assets.
  • D. Obtain executive input to identify high-value assets to be classified.
Suggested Answer: A

Comments

Shackman66
1 month ago
Selected Answer: B
First establish how to identify the data.
upvoted 1 times
...
yottabyte
9 months, 2 weeks ago
Selected Answer: A
I wanted to go B but I will go with A here, the below is the beginning to end... Inventory of assets -> Establish Asset Owner -> Establish the criteria that define an asset classification level -> Create asset classifications -> Get Asset Owner to classify the asset
upvoted 3 times
...
Marcelus1714
10 months, 3 weeks ago
Selected Answer: B
But B says "Establish the criteria that define an asset's classification level". I would agree with the marked answer (B): first establish the criteria. If you go to the accountable individual to ask him to classify data and he does not have the criteria, then what? First the criteria, and then you go to the accountable people and classify their data.
upvoted 2 times
...
AlexJacobson
11 months ago
Selected Answer: A
Option A basically means "identify the owner of an asset", which is a prerequisite for everything else, including deriving a value of the asset and its classification.
upvoted 2 times
AlexJacobson
11 months ago
Also this: https://www.itgovernance.co.uk/blog/what-is-information-classification-and-how-is-it-relevant-to-iso-27001
upvoted 1 times
...
...
Uncle_Lucifer
1 year ago
Selected Answer: A
Have to account for assets before creating criteria that will govern them. --> A. If you don't account for the assets, the criteria developed may be ineffective, especially if an unaccounted asset has a grave impact when an incident occurs.
upvoted 3 times
...
Soleandheel
1 year, 1 month ago
B. Establish the criteria that define an asset's classification level.
upvoted 2 times
...
SilverFox
1 year, 2 months ago
Selected Answer: A
It is the information asset owner that is accountable surely? And they are responsible for classifying data assets.
upvoted 1 times
...
richck102
1 year, 2 months ago
Selected Answer: B
B. Establish the criteria that define an asset's classification level.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted