Exam CISSP topic 1 question 155 discussion

"classifying information " isnt its Data owner(steward) job ?

From Google: Data stewardship is the collection of practices that ensure an organization's data is accessible, usable, safe, and trusted.

classifying information = classifying data. Other options do not talk about data, but A and C. A starts with system owner roles. System owner or Data steward. Which one is more important on this issue? Data steward. So, it is C

Since the question doesn't specify the assets are: - related to software development (e.g. source code repositories) - storage only - on the cloud I'm going with C

Guys the correct answer is C. Data Stewart..... A. could have been the best answer if it said Data owner as opposed to system owner.

Life Cycle! Categorize the Data, Classify (active data, or data at rest, retention period) all these is covered in the question itself. Data Owner is responsible to identifying and categorizing, legal team is will decide how to retain the data, data at rest must be secured (encrypted). the answer is "A" - See below Oban has good explanation

A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements are important factors that must be considered when classifying information and supporting assets for risk management, legal discovery, and compliance. In order to effectively manage the risks associated with sensitive information, it is important to understand who is responsible for that information, how it is supposed to be handled, and where and how it is stored. This includes understanding the roles and responsibilities of system owners, who are responsible for the security and operation of the systems that hold the data, as well as the standards for data handling and storage and the requirements for secure development lifecycle (SDLC) . This can help organizations to ensure that they are following best practices for protecting sensitive information and meeting regulatory requirements. B,C and D options also include some important factors that need to be considered but A option covers most of the important points for classifying information and assets for risk management, legal discovery and compliance. - openai

Data steward A person responsible for data management from a business and stakeholder perspective; may or may not also be a custodian or owner. Data stewards ensure that data quality meets business needs, that data is supported by sufficient metadata to make it easy to use, and that it meets all regulatory requirements. They also work with stakeholders to create and monitor data acquisition and dissemination procedures.

C is better than A. Reference : https://www.techtarget.com/searchdatamanagement/definition/data-stewardship

The question is asking for "classifying information and supporting assets"

Definitely C

It is not specifically for data, hence A makes more sense

It is data lifecycle not secure development lifecycle. This is really a give away why it is NOT A.

data stewards are first to be asked...