B. The extent that compromise can affect revenue.
Classifying application systems is often based on the potential impact of a security breach or compromise. Assessing how a compromise could affect revenue, reputation, data integrity, and other critical business factors helps organizations prioritize their security efforts and allocate resources accordingly. While the other factors mentioned (cost of repairing damage, cost to implement regulatory requirements, and controlling access based on the need to know) are important considerations in information security, they are usually secondary to the primary goal of protecting the organization's revenue and core business functions.
According to the CISM Review Manual, 15th Edition:
"Information security policies must address asset classification and handling, including the definition and relative hierarchy of classifications... Organizations should also implement procedures to address authorization based on a need-to-know/need-to-use basis, especially for highly sensitive data."
To me, the answer should be B.
Classifications shouldn't necessarily determine need to know access. But, classifying systems can show the extent that compromise could impact the company.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
aokisan
Highly Voted 1 year, 11 months agoServerBrain
Most Recent 1 month agooluchecpoint
1 year, 2 months ago[Removed]
1 year, 3 months ago[Removed]
1 year, 3 months agowello
1 year, 5 months agorichck102
1 year, 5 months agosedardna
1 year, 5 months agodedfef
1 year, 7 months agojaiz
1 year, 8 months agokortcl
1 year, 8 months ago