CISSP · Question #1516
Drag and Drop Question Place the following information classification steps in sequential order. Answer:
The correct answer is Document the information assets; Assign a classification level; Apply the appropriate security markings; Conduct periodic classification reviews; Declassify information when appropriate. Information classification follows a logical lifecycle: you must first identify and document what information assets exist before you can evaluate them, then assign a classification level based on sensitivity and value, apply the appropriate security markings so handlers know how
Question
Exhibit
Answer Area
Drag items
Correct arrangement
- Document the information assets
- Assign a classification level
- Apply the appropriate security markings
- Conduct periodic classification reviews
- Declassify information when appropriate
Explanation
Information classification follows a logical lifecycle: you must first identify and document what information assets exist before you can evaluate them, then assign a classification level based on sensitivity and value, apply the appropriate security markings so handlers know how to protect it, conduct periodic reviews to ensure the classification remains accurate over time, and finally declassify when the information no longer warrants protection. This sequence reflects both practical necessity (you can't classify what you haven't identified) and governance best practices (declassification is always the last step, not an early decision). Skipping or reordering steps would create security gaps, such as marking data before properly evaluating its sensitivity or declassifying without periodic review to justify the decision.
Topics
Community Discussion
No community discussion yet for this question.
