(ISC)2

CISSP Question #1066: Real Exam Question with Answer & Explanation

The correct answer is B: Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification.

Submitted by skyler.x · Mar 5, 2026 · Asset Security

Question

Which of the following criteria ensures information is protected relative to its importance to the organization?

Options

  • A. The value of the data to the organization's senior management
  • B. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification
  • C. Legal requirements determined by the organization headquarters' location
  • D. Organizational stakeholders, with classification approved by the management board

Explanation

Information-classification frameworks (such as ISO/IEC 27001 and common data-classification standards) specify that data should be classified based on legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification so that stronger protections are applied to more important or sensitive assets. This multi-factor approach directly ties protection level to how important the information is to the organization's operations, reputation, and compliance posture.

Topics

#information classification · #data protection · #legal requirements · #data criticality
