The information classification scheme should:

The information classification scheme should:

The information classification scheme should:

A.
consider possible impact of a security breach.

B.
classify personal information in electronic form.

C.
be performed by the information security manager.

D.
classify systems according to the data processed.

Explanation:

Data classification is determined by the business risk, i.e., the potential impact on the business of
the loss, corruption or disclosure of information. It must be applied to information in all forms, both
electronic and physical (paper), and should be applied by the data owner, not the security
manager. Choice B is an incomplete answer because it addresses only privacy issues, while
choice A is a more complete response. Systems are not classified per se, but the data they
process and store should definitely be classified.



Leave a Reply 0

Your email address will not be published. Required fields are marked *