ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam
Go to Exam

Exam CISM topic 1 question 899 discussion

Actual exam question from Isaca's CISM
Question #: 899
Topic #: 1
[All CISM Questions]

Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?

  • A. Information owner
  • B. Information security steering committee
  • C. Senior management
  • D. Information security manager
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by iacini at Sept. 12, 2023, 1:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
iacini
Highly Voted 1 year ago
Selected Answer: C
For classifying the data I agree that Information Owner is responsible, but for designing the framework? I would say Information Security Manager.
upvoted 8 times
AlexJacobson
8 months, 2 weeks ago
Agreed! Senior management or steering committee are there to approve it. Infosec manager should design it.
upvoted 2 times
...
...
SHERLOCKAWS
Most Recent 1 week, 3 days ago
Selected Answer: D
Correct answer is D. Information Security Manager because he is the primary doer in developing the classification framework. The steering committee supports and approves, but doesn’t create.
upvoted 1 times
...
shootnot
4 months, 3 weeks ago
Either A or D because Senior management is not responsible for developing anything. Either they are accountable or approve but do not develop. The best answer is ISM in conjunction with Information Owner but here both choices are given.
upvoted 1 times
...
Marcelus1714
7 months, 3 weeks ago
Selected Answer: C
It says "for developing an information classification framework", the information owner FOLLOWs the framework, but does not develop it... I would go for C
upvoted 1 times
...
jcisco123
7 months, 3 weeks ago
Selected Answer: D
It should be D.
upvoted 2 times
...
oluchecpoint
1 year ago
Selected Answer: A
A. Information owner Information owners are typically responsible for classifying and categorizing information assets based on their importance and sensitivity to the organization. They work closely with business units to understand the value and requirements of the information, and they play a key role in determining how information should be classified and protected.
upvoted 1 times
...
richck102
1 year ago
Selected Answer: C
C. Senior management
upvoted 1 times
...
Ej24356
1 year ago
I think that information owners are responsible for making decisions about the classification and protection of specific information assets within their radar. They understand the value and sensitivity of the information they manage and are in the best position to determine how it should be classified as well as protected to align with business needs.
upvoted 1 times
AlexJacobson
8 months, 2 weeks ago
Yeah, but the question is about the framework
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago