What should be the PRIMARY objective of an information classification scheme?
What should be the PRIMARY objective of an information classification scheme?
The primary objective of an information classification scheme is to implement controls proportionate to risk. This involves categorizing information based on its sensitivity and criticality to ensure that appropriate security measures are applied, thereby mitigating risks effectively. By doing so, organizations can ensure that their most critical and sensitive information receives the highest level of protection, while less critical information receives a proportionate level of security.
C: The PRIMARY objective of an information classification scheme in the context of the CISM (Certified Information Security Manager) exam is to meet legislative and regulatory requirements1. It ensures that information is appropriately protected and handled according to legal and compliance standards. Not sure why the answer given is D