nerdexam
(ISC)2

CISSP · Question #1326

Which of the following is an initial consideration when developing an information security management system?

The correct answer is B. Understand the value of the information assets. When developing an information security management system (ISMS), an initial consideration is to understand the value of the information assets that the organization owns or processes. An information asset is any data, information, or knowledge that has value to the organization

Submitted by kavita_s· Mar 5, 2026Security and Risk Management

Question

Which of the following is an initial consideration when developing an information security management system?

Options

  • AIdentify the contractual security obligations that apply to the organizations
  • BUnderstand the value of the information assets
  • CIdentify the level of residual risk that is tolerable to management
  • DIdentify relevant legislative and regulatory compliance requirements

How the community answered

(48 responses)
  • A
    2% (1)
  • B
    81% (39)
  • C
    10% (5)
  • D
    6% (3)

Explanation

When developing an information security management system (ISMS), an initial consideration is to understand the value of the information assets that the organization owns or processes. An information asset is any data, information, or knowledge that has value to the organization and supports its mission, objectives, and operations. Understanding the value of the information assets helps to determine the appropriate level of protection and investment for them, as well as the potential impact and consequences of losing, compromising, or disclosing them. Understanding the value of the information assets also helps to identify the stakeholders, owners, and custodians of the information assets, and their roles and responsibilities in the ISMS.

Topics

#ISMS#Asset valuation#Risk management

Community Discussion

No community discussion yet for this question.

Full CISSP Practice