CISSP · Question #403
CISSP Question #403: Real Exam Question with Answer & Explanation
The correct answer is D: Information classification scheme. A security practitioner who has been tasked with establishing organizational asset handling procedures should consider the information classification scheme as the factor that would have the greatest impact to the development of these procedures. An information classification sch
Question
A security practitioner has been tasked with establishing organizational asset handling procedures. What should be considered that would have the GRFATEST impact to the development of these procedures?
Options
- AMedia handling procedures
- BUser roles and responsibilities
- CAcceptable Use Policy (ALP)
- DInformation classification scheme
Explanation
A security practitioner who has been tasked with establishing organizational asset handling procedures should consider the information classification scheme as the factor that would have the greatest impact to the development of these procedures. An information classification scheme is a set of policies and rules that define how the organization's information assets are categorized and labeled according to their sensitivity, value, and criticality. The information classification scheme also determines the appropriate security controls, access rights, retention periods, and disposal methods for each category of information. By applying an information classification scheme, the organization can ensure that its asset handling procedures are consistent, effective, and aligned with its security objectives and compliance requirements.
Topics
Community Discussion
No community discussion yet for this question.