nerdexam
(ISC)2

CISSP · Question #1307

Which of the fallowing statements is MOST accurate regarding information assets?

The correct answer is B. S3 Information assets include any information that is valuable to the organization,. This question tests understanding of what constitutes an information asset in information security management. The most accurate and complete definition is that information assets include any information valuable to the organization.

Submitted by yousef_jo· Mar 5, 2026Asset Security

Question

Which of the fallowing statements is MOST accurate regarding information assets?

Options

  • AInternational Organization for Standardization (ISO) 27001 compliance specifies which
  • BS3 Information assets include any information that is valuable to the organization,
  • CBuilding an information assets register is a resource-intensive job.
  • DInformation assets inventory is not required for risk assessment.

How the community answered

(32 responses)
  • B
    91% (29)
  • C
    6% (2)
  • D
    3% (1)

Why each option

This question tests understanding of what constitutes an information asset in information security management. The most accurate and complete definition is that information assets include any information valuable to the organization.

AInternational Organization for Standardization (ISO) 27001 compliance specifies which

ISO 27001 does not prescribe or mandate which specific information assets an organization must have; instead, it requires organizations to identify and manage their own assets based on their unique context and risk environment.

BS3 Information assets include any information that is valuable to the organization,Correct

Information assets are broadly defined as any information that holds value to an organization, regardless of format or medium - including digital data, physical records, intellectual property, and proprietary processes. This definition aligns with ISO 27001 and general information security management principles, which emphasize protecting all valuable information rather than limiting scope to specific types. Accurately identifying what constitutes an information asset is foundational to building an asset register and conducting risk assessments.

CBuilding an information assets register is a resource-intensive job.

While building an information asset register can be time-consuming, stating it is 'resource-intensive' is not the MOST accurate or defining statement about information assets themselves - it describes a process characteristic rather than the nature of information assets.

DInformation assets inventory is not required for risk assessment.

This is factually incorrect; an information assets inventory is a critical prerequisite for risk assessment, as you cannot assess risks to assets you have not identified and catalogued.

Concept tested: Definition and scope of information assets in security management

Source: https://www.iso.org/standard/27001

Topics

#information assets#asset classification#asset inventory#data valuation

Community Discussion

No community discussion yet for this question.

Full CISSP Practice