When talking about RISK ASSESSMENT, it's likelihood and impact that need to be addressed. Sensitivity and criticality are important for DLP or even BCP planning.
CISM AIO, 2nd > Asset Classification: "In asset classification, an organization assigns an asset to a category representing usage or risk. In an information security program, the purpose of asset classification is to determine, for each asset, its level of criticality to the organization. Criticality can be related to information sensitivity...."
B. Likelihood and Impact.
This classification helps in evaluating the potential risks and their significance in terms of how likely they are to occur and what impact they might have on the organization.
Risks are evaluated by likelihood and impact, not assets. Assets are evaluated by their value, ergo sensitivity and criticality. And only based on that you do risk assessment of those assets.