nerdexam
(ISC)2

CISSP · Question #959

To ensure proper governance of information throughout the lifecycle, which of the following should be assigned FIRST?

The correct answer is B. Classification. Proper information governance requires classification to be assigned first, as it determines how all other governance controls are applied throughout the data lifecycle.

Submitted by carlos_mx· Mar 5, 2026Asset Security

Question

To ensure proper governance of information throughout the lifecycle, which of the following should be assigned FIRST?

Options

  • AOwner
  • BClassification
  • CCustodian
  • DRetention

How the community answered

(21 responses)
  • A
    5% (1)
  • B
    90% (19)
  • C
    5% (1)

Why each option

Proper information governance requires classification to be assigned first, as it determines how all other governance controls are applied throughout the data lifecycle.

AOwner

An owner cannot effectively fulfill their responsibilities-such as determining access controls and acceptable use-without first knowing the classification level of the information they are overseeing.

BClassificationCorrect

Classification must be assigned first because it defines the sensitivity and value of the information, which then drives all subsequent governance decisions. Without knowing whether data is public, internal, confidential, or restricted, you cannot appropriately assign ownership responsibilities, apply retention schedules, or designate custodians. Classification is the foundational metadata that informs every other lifecycle governance control.

CCustodian

A custodian is responsible for the technical safeguarding and storage of data, but those protections must be calibrated to the data's sensitivity, which is only known after classification is assigned.

DRetention

Retention schedules and policies are determined by the type, sensitivity, and regulatory requirements tied to the data, all of which depend on classification being established first.

Concept tested: Information lifecycle governance and data classification priority

Source: https://www.nist.gov/system/files/documents/2019/03/19/nist_privacy_framework_concept_paper_20190206.pdf

Topics

#Information governance#Data classification#Data lifecycle#Data ownership

Community Discussion

No community discussion yet for this question.

Full CISSP Practice