Isaca Certified Information Security Manager CISM Question # 202 Topic 21 Discussion

CISM Exam Topic 21 Question 202 Discussion:

Question #: 202

Topic #: 21

Which of the following is necessary to ensure consistent protection for an organization's information assets?

Classification model

Control assessment

Data ownership

Regulatory requirements

Get Premium CISM Questions

Explanation

The answer to the question is A. Classification model. This is because a classification model is a system of assigning labels or categories to information assets based on their value, sensitivity, and criticality to the organization. A classification model helps to ensure consistent protection for the organization’s information assets by:

Providing a common language and criteria for defining and communicating the security requirements and expectations for the information assets

Enabling the identification and prioritization of the information assets that need the most protection and resources

Facilitating the implementation and enforcement of the appropriate level of security controls and measures for the information assets, based on their classification

Supporting the compliance with the legal, regulatory, and contractual obligations regarding the information assets, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA)

A classification model is a system of assigning labels or categories to information assets based on their value, sensitivity, and criticality to the organization. A classification model helps to ensure consistent protection for the organization’s information assets by providing a common language and criteria for defining and communicating the security requirements and expectations for the information assets, enabling the identification and prioritization of the information assets that need the most protection and resources, facilitating the implementation and enforcement of the appropriate level of security controls and measures for the information assets, based on their classification, and supporting the compliance with the legal, regulatory, and contractual obligations regarding the information assets. (From CISM Manual or related resources)

References = CISM Review Manual 15th Edition, Chapter 2, Section 2.2.1, page 751; CISA Domain 5 - Protection of Information Assets2; CISM domain 3: Information security program development and management [2022 update]3; CISM Domain 2: Information Risk Management (IRM) [2022 update]4

Actual exam question for Isaca CISM exam by Phoenix1171 at Aug 3, 2025, 5:25:52 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Isaca Certified Information Security Manager CISM Question # 202 Topic 21 Discussion

Isaca Certified Information Security Manager CISM Question # 202 Topic 21 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Isaca Certified Information Security Manager CISM Question # 202 Topic 21 Discussion

Isaca Certified Information Security Manager CISM Question # 202 Topic 21 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval