Official guide points to A; business risk is what drives classification level decisions. Aligning to it ensures the right controls for confidentiality and impact. Pretty sure on this, but always worth double-checking with official ISACA material if in doubt.
Q: 8
When classifying information, it is MOST important to align the classification to:
Options
Discussion
Option A, business risk. Info classification really needs to map directly to what could impact the business most.
A. Classification always comes back to business risk, since that's what determines the level of control or protection you need. Policy is important but it's built from risk assessments anyway.
A. Practice exams and the ISACA official review manual both say business risk is the top factor here. Anyone disagree?
A
I don’t think it’s A. B makes more sense since aligning with the security policy ensures everyone classifies data the same way across the org. Business risk is important too but policies are what everyone actually follows day to day. Could be wrong here but that’s my take, especially thinking about real-life processes. Anyone disagree?
Yeah, it's A here. Risk is the driver for classification priorities in ISACA's framework.
Not B, A. Security policy matters but business risk is the trap-breaker here.
Guessing A, but if data retention was the key requirement instead of risk, maybe C could fit. Depends on what they want you to prioritize in the scenario.
I don’t think B makes sense here. A (business risk) is what I saw on similar exam reports.