PrepAway - Latest Free Exam Questions & Answers

Which of the following would be the BEST criterion to c…

Which of the following would be the BEST criterion to consider in determining the classification of an
information asset?

PrepAway - Latest Free Exam Questions & Answers

A.
Value

B.
Age

C.
Useful life

D.
Personal association

Explanation:
The ‘value’ of an information asset should be used to classify the information asset.
The rationale behind assigning values to different types of data is that it enables a company to gauge the
amount of funds and resources that should go toward protecting each type of data, because not all data has the
same value to a company. After identifying all important information, it should be properly classified. A company
has a lot of information that is created and maintained. The reason to classify data is to organize it according to
its sensitivity to loss, disclosure, or unavailability. Once data is segmented according to its sensitivity level, the
company can decide what security controls are necessary to protect different types of data. This ensures that
information assets receive the appropriate level of protection, and classifications indicate the priority of that
security protection.
Incorrect Answers:B: The age of an information asset is not the best criterion to consider in determining the classification of the
information asset.
C: The useful life of an information asset is not the best criterion to consider in determining the classification of
the information asset.
D: The personal association of an information asset is not the best criterion to consider in determining the
classification of the information asset.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 109


Leave a Reply