IIA Exam IIA-CFSA Topic 8 Question 25 Discussion

Actual exam question for IIA's IIA-CFSA exam

Question #: 25
Topic #: 8

Some organizations have information protection policies that place the burden of information

protection on managers in individual organizational units. An information protection policy may include:

AStatements that define information as an asset that must be protected to different degrees based on its sensitivity, criticality, and value, regardless of the media on which it is stored, the manual or automated systems that process it, or the methods by which it is distributed

BStatements outlining the responsibilities of information owners, custodians and users

CDefinitions of the previously audited data and its classifications

DBoth A & B

Show Suggested Answer

Suggested Answer: C

by Vilma at May 03, 2022, 03:17 PM

Limited Time Offer

25%

Off

Get Premium IIA-CFSA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

James

13 days ago

I'm not sure, but it makes sense that both defining information as an asset and outlining responsibilities would be important for information protection

upvoted 0 times

...

Roslyn

14 days ago

I agree with Tonette, because information protection policies should define information as an asset and outline responsibilities

upvoted 0 times

...

Tonette

17 days ago

I think the answer is D) Both A & B

upvoted 0 times

...