CISSP · Question #1307
Which of the fallowing statements is MOST accurate regarding information assets?
The correct answer is B. S3 Information assets include any information that is valuable to the organization,. This question tests understanding of what constitutes an information asset in information security management. The most accurate and complete definition is that information assets include any information valuable to the organization.
Question
Options
- AInternational Organization for Standardization (ISO) 27001 compliance specifies which
- BS3 Information assets include any information that is valuable to the organization,
- CBuilding an information assets register is a resource-intensive job.
- DInformation assets inventory is not required for risk assessment.
How the community answered
(32 responses)- B91% (29)
- C6% (2)
- D3% (1)
Why each option
This question tests understanding of what constitutes an information asset in information security management. The most accurate and complete definition is that information assets include any information valuable to the organization.
ISO 27001 does not prescribe or mandate which specific information assets an organization must have; instead, it requires organizations to identify and manage their own assets based on their unique context and risk environment.
Information assets are broadly defined as any information that holds value to an organization, regardless of format or medium - including digital data, physical records, intellectual property, and proprietary processes. This definition aligns with ISO 27001 and general information security management principles, which emphasize protecting all valuable information rather than limiting scope to specific types. Accurately identifying what constitutes an information asset is foundational to building an asset register and conducting risk assessments.
While building an information asset register can be time-consuming, stating it is 'resource-intensive' is not the MOST accurate or defining statement about information assets themselves - it describes a process characteristic rather than the nature of information assets.
This is factually incorrect; an information assets inventory is a critical prerequisite for risk assessment, as you cannot assess risks to assets you have not identified and catalogued.
Concept tested: Definition and scope of information assets in security management
Source: https://www.iso.org/standard/27001
Topics
Community Discussion
No community discussion yet for this question.