CISSP · Question #1326
Which of the following is an initial consideration when developing an information security management system?
The correct answer is B. Understand the value of the information assets. When developing an information security management system (ISMS), an initial consideration is to understand the value of the information assets that the organization owns or processes. An information asset is any data, information, or knowledge that has value to the organization
Question
Which of the following is an initial consideration when developing an information security management system?
Options
- AIdentify the contractual security obligations that apply to the organizations
- BUnderstand the value of the information assets
- CIdentify the level of residual risk that is tolerable to management
- DIdentify relevant legislative and regulatory compliance requirements
How the community answered
(48 responses)- A2% (1)
- B81% (39)
- C10% (5)
- D6% (3)
Explanation
When developing an information security management system (ISMS), an initial consideration is to understand the value of the information assets that the organization owns or processes. An information asset is any data, information, or knowledge that has value to the organization and supports its mission, objectives, and operations. Understanding the value of the information assets helps to determine the appropriate level of protection and investment for them, as well as the potential impact and consequences of losing, compromising, or disclosing them. Understanding the value of the information assets also helps to identify the stakeholders, owners, and custodians of the information assets, and their roles and responsibilities in the ISMS.
Topics
Community Discussion
No community discussion yet for this question.