The first step in ensuring proper governance of information throughout its lifecycle is always to assign an Owner. Classification comes after ownership is established, since the owner determines the appropriate classification.
In establishing proper governance of information throughout its lifecycle, the FIRST assignment is typically the Owner. The owner is responsible for making decisions regarding the data, including its classification, assigning custodianship, determining retention requirements, and overseeing its overall management.
A. Owner ..........You have to assign a data owner first before you classify the data. Data classification is essential but can only happen after a data owner has been assigned. This is because the Data Owner plays a decisive role in the data classification process.
The data owner sometimes refer to as the organizational owner or senior manager is the person who has the ultimate organizational responsibility for data, the owner is typically the chief executive officer (CEO), president or a department head (DH). Data owners identify the classification of data and ensure that it is labeled properly.. in that case the first thing to assign is classification. my point is you dont assign the organizational owner.
Assigning ownership of information is critical to ensuring that the information is properly managed, protected, and governed. When someone is designated as the owner of the information, they are responsible for defining and implementing the policies, procedures, and controls necessary to ensure the confidentiality, integrity, and availability of the information.
B. Classification
Assigning a classification is the first step to ensure proper governance of information throughout the lifecycle. Classification helps to determine the appropriate level of protection that information requires based on its sensitivity and criticality. This then informs the appropriate owner, custodian, retention, and disposal requirements. Therefore, classification is the foundation for effective information governance.
I go with B
it may be difficult to identify the appropriate owner without first classifying the information.
In some organizations is not the owner who classifies the information, it can be information security team, a data governance team or a records management team.
Chicken and Egg question. Oh my. I would say the owner does the classification. But is an owner assigned? and then by who, Custodian? Then who assigns the custodian? I really dislike questions like this.
I can't make up my mind between Owner or Classification. I want to say Owner, because Owners assign the classification. Maybe I'm thinking too technically.
This section is not available anymore. Please use the main Exam Page.CISSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
klarak
Highly Voted 8 months, 2 weeks agoBigITGuy
Most Recent 4 months agoCyberjerry
8 months, 2 weeks agosbloyola
10 months, 1 week agopete79
11 months, 3 weeks agogjimenezf
1 year ago629f731
1 year agoYesPlease
1 year, 1 month agoSoleandheel
1 year, 1 month agoHughJassole
1 year, 7 months agobabaseun
1 year, 9 months agojackdryan
1 year, 8 months agoDelab202
1 year, 10 months agoGoseu
1 year, 10 months agoAlex71
1 year, 11 months ago629f731
1 year agoRollingalx
1 year, 11 months agoBankydo
1 year, 11 months agoiwannapass
1 year, 11 months ago