nerdexam
(ISC)2

CISSP-ISSEP · Question #24

Which of the following is required to determine classification and ownership?

The correct answer is A. System and data resources are properly identified. Determining classification and ownership requires first knowing what assets exist - you cannot classify or assign ownership to resources that haven't been identified. Option A is correct because identifying system and data resources is the foundational prerequisite: once assets a

Governance and Training

Question

Which of the following is required to determine classification and ownership?

Options

  • ASystem and data resources are properly identified
  • BAccess violations are logged and audited
  • CData file references are identified and linked
  • DSystem security controls are fully integrated

How the community answered

(39 responses)
  • A
    90% (35)
  • B
    3% (1)
  • C
    3% (1)
  • D
    5% (2)

Explanation

Determining classification and ownership requires first knowing what assets exist - you cannot classify or assign ownership to resources that haven't been identified. Option A is correct because identifying system and data resources is the foundational prerequisite: once assets are catalogued, you can label their sensitivity (classification) and assign responsibility (ownership).

Why the distractors are wrong:

  • B (logging access violations) is a monitoring/audit control that comes after classification and ownership are established, not before.
  • C (identifying and linking data file references) relates to data lineage or dependency mapping, which is a separate concern from classification and ownership determination.
  • D (fully integrating security controls) is an implementation step that occurs downstream, once you already know what you're protecting and who owns it.

Memory tip: Think "identify before you classify" - ownership and classification are impossible without a complete inventory. If you can't name it, you can't own it or label it.

Topics

#Data Classification#Data Ownership#Asset Identification#Information Governance

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice