Examice

Exam CISSP All QuestionsBrowse all questions from this exam

Go to Exam

Question 118

Which of the following criteria ensures information is protected relative to its importance to the organization?

Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification

The value of the data to the organization's senior management

Organizational stakeholders, with classification approved by the management board

Legal requirements determined by the organization headquarters' location

Correct Answer: A

The criteria that ensure information is protected relative to its importance to the organization include legal requirements, the value of the information, its criticality to business operations, and its sensitivity to unauthorized disclosure or modification. Legal requirements ensure compliance with laws and regulations, while considering value and criticality helps prioritize resources to protect the most important information. Sensitivity to unauthorized disclosure or modification addresses the need to safeguard against breaches that could harm the organization. Therefore, the answer encompasses all necessary aspects for information protection.

Discussion

JAckThePipOption: A

Answer is A "Information must be classified in terms of legal requirements, value, criticality and sensitivity to any unauthorised disclosure or modification, ideally classified to reflect business activity rather than inhibit or complicate" https://www.isms.online/iso-27001/annex-a-8-asset-management/

jackdryan

A is correct

CuteRabbit168Option: A

A data classification identifies the value of the data to the organization and is critical to protect data confidentiality and integrity.

Cww1Option: A

agree with A

RamyeOption: B

Organization’s senior management decides the value of the data and we have to protect those accordingly. We do not secure and put controls without senior managements’ input.

Ramye

On a second thought, I think C is more important than B. Stakeholders (business owners) are the data owners and their input is most important.

georgegeorge125487Option: C

Information is protected as a result of management decision, not because you identify criteria to classify information.

Bach1968Option: A

A. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification. Ensuring that information is protected relative to its importance to the organization involves considering several criteria. Legal requirements, such as data protection laws and industry regulations, provide a baseline for protecting sensitive information.

HughJassoleOption: A

A. It's all encompassing.

xxxBadManxxxOption: C

c is the correct ans

somkiatrOption: A

Just eliminated B,C, and D then chose A.

[Removed]Option: A

A all day baby!

gooftroopOption: C

C. Organizational stakeholders, with classification approved by the management board

Rollizo

really it is A, because you need first to classify for the stakeholders take the decision

Ramye

This is exactly what my thinking. Information needs to be protected according to organization’s needs and not just because we want to.