Which of the following criteria ensures information is protected relative to its importance to the organization?
Which of the following criteria ensures information is protected relative to its importance to the organization?
The criteria that ensure information is protected relative to its importance to the organization include legal requirements, the value of the information, its criticality to business operations, and its sensitivity to unauthorized disclosure or modification. Legal requirements ensure compliance with laws and regulations, while considering value and criticality helps prioritize resources to protect the most important information. Sensitivity to unauthorized disclosure or modification addresses the need to safeguard against breaches that could harm the organization. Therefore, the answer encompasses all necessary aspects for information protection.
Answer is A "Information must be classified in terms of legal requirements, value, criticality and sensitivity to any unauthorised disclosure or modification, ideally classified to reflect business activity rather than inhibit or complicate" https://www.isms.online/iso-27001/annex-a-8-asset-management/
A is correct
A data classification identifies the value of the data to the organization and is critical to protect data confidentiality and integrity.
agree with A
C. Organizational stakeholders, with classification approved by the management board
really it is A, because you need first to classify for the stakeholders take the decision
This is exactly what my thinking. Information needs to be protected according to organization’s needs and not just because we want to.
A all day baby!
Just eliminated B,C, and D then chose A.
c is the correct ans
A. It's all encompassing.
A. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification. Ensuring that information is protected relative to its importance to the organization involves considering several criteria. Legal requirements, such as data protection laws and industry regulations, provide a baseline for protecting sensitive information.
Information is protected as a result of management decision, not because you identify criteria to classify information.
Organization’s senior management decides the value of the data and we have to protect those accordingly. We do not secure and put controls without senior managements’ input.
On a second thought, I think C is more important than B. Stakeholders (business owners) are the data owners and their input is most important.