A, B, and D mention important factors but focus more on systems or roles not directly related to data classification for risk, legal, and compliance purposes.
classifying information = classifying data. Other options do not talk about data, but A and C. A starts with system owner roles. System owner or Data steward. Which one is more important on this issue? Data steward. So, it is C
Since the question doesn't specify the assets are:
- related to software development (e.g. source code repositories)
- storage only
- on the cloud
I'm going with C
Life Cycle! Categorize the Data, Classify (active data, or data at rest, retention period) all these is covered in the question itself. Data Owner is responsible to identifying and categorizing, legal team is will decide how to retain the data, data at rest must be secured (encrypted).
the answer is "A" - See below Oban has good explanation
A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements are important factors that must be considered when classifying information and supporting assets for risk management, legal discovery, and compliance.
In order to effectively manage the risks associated with sensitive information, it is important to understand who is responsible for that information, how it is supposed to be handled, and where and how it is stored. This includes understanding the roles and responsibilities of system owners, who are responsible for the security and operation of the systems that hold the data, as well as the standards for data handling and storage and the requirements for secure development lifecycle (SDLC) . This can help organizations to ensure that they are following best practices for protecting sensitive information and meeting regulatory requirements.
B,C and D options also include some important factors that need to be considered but A option covers most of the important points for classifying information and assets for risk management, legal discovery and compliance. - openai
Data steward
A person responsible for data management from a business and stakeholder perspective; may or may not also be a custodian or owner. Data stewards ensure that data quality meets business needs, that data is supported by sufficient metadata to make it easy to use, and that it meets all regulatory requirements. They also work with stakeholders to create and monitor data acquisition and dissemination procedures.
This section is not available anymore. Please use the main Exam Page.CISSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
sandeepghadge
Highly Voted 2 years, 7 months agojackdryan
2 years agofranbarpro
Highly Voted 2 years, 6 months agoBigITGuy
Most Recent 1 month, 2 weeks agoScheds
5 months, 3 weeks agoTheManiac
1 year agosplash2357
1 year, 3 months agoSoleandheel
1 year, 5 months agoMoose01
1 year, 6 months agooban
2 years, 4 months agoDelab202
2 years, 4 months agosomkiatr
2 years, 4 months agoboyin
2 years, 5 months agoJamati
2 years, 6 months agokuberk
2 years, 6 months agoDracoL
2 years, 6 months agoHava_2013
2 years, 6 months agoMG1707
2 years, 7 months ago