Effectiveness is about real-world enforcement, and access rights based on classification is the clearest sign that the program is functioning as intended.
Change my mind, the answer should be D because D shows that business units are applying classification in practice that making the program effective across the organization.
A is necessary but may only reflect IT enforcement, not broader organizational usage and understanding.
It's the best evidence of practical, real-world effectiveness, especially from a business-integrated audit perspective. So, D is the best option.
While having access rights provisioned according to the classification scheme (option A) is important, it alone may not provide a comprehensive view of the program's effectiveness. Business use cases and scenarios offer tangible evidence of how the data classification program contributes to achieving organizational goals and protecting sensitive information, making them the best choice for supporting an auditor's conclusion.
Business use cases and scenarios provide insight into how real-world operations use data and what the risks are. These case studies allow auditors to assess whether your data classification program meets real-world business needs.
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
maxson69
1 month, 3 weeks agomaxson69
1 month, 3 weeks ago9967be3
3 months, 2 weeks agoSwallows
1 year, 2 months agoSwallows
1 year agoshiowbah
1 year, 9 months agoshiowbah
1 year, 8 months ago