CISM - Information Security Program - Section 3.2
Identify and classify information assets to determine appropriate protection requirements.
Build and maintain an asset inventory, then apply a data classification scheme to categorise information assets by sensitivity and business value. Use classification outcomes to determine the level of protection required and the appropriate controls for each asset category.
Asset inventoryData classificationInformation assetData sensitivity
More in this domain
Back to all Information Security Program objectives, or the CISM cert hub.
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.