IIA Exam IIA-CFSA Topic 8 Question 25 Discussion

Actual exam question for IIA's IIA-CFSA exam

Question #: 25
Topic #: 8

Some organizations have information protection policies that place the burden of information

protection on managers in individual organizational units. An information protection policy may include:

AStatements that define information as an asset that must be protected to different degrees based on its sensitivity, criticality, and value, regardless of the media on which it is stored, the manual or automated systems that process it, or the methods by which it is distributed

BStatements outlining the responsibilities of information owners, custodians and users

CDefinitions of the previously audited data and its classifications

DBoth A & B

Show Suggested Answer

Suggested Answer: C

by Vilma at May 03, 2022, 03:17 PM

Limited Time Offer

25%

Off

Get Premium IIA-CFSA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lyda

2 months ago

D is the way to go. Anything less wouldn't be a complete information protection policy. Although, I hear the IT guys have a secret policy that just says 'turn it off and on again' - that'll do the trick!

upvoted 0 times

Jacquline

1 months ago

It's always good to have a comprehensive policy in place to protect sensitive information.

upvoted 0 times

...

Juan

1 months ago

Haha, the 'turn it off and on again' policy sounds like a quick fix for IT issues.

upvoted 0 times

...

Venita

2 months ago

I think having both A and B in the policy ensures that all aspects of information protection are covered.

upvoted 0 times

...

Paris

2 months ago

I agree, D covers all the bases when it comes to information protection policies.

upvoted 0 times

...

Darrin

2 months ago

I'm going with D as well. Gotta love a good ol' 'both' option when it comes to policy questions. Makes me wonder if the exam writers are feeling a bit lazy today.

upvoted 0 times

...

Edelmira

2 months ago

D sounds like the most comprehensive option. Covering both the classification of information and the roles and responsibilities makes a lot of sense.

upvoted 0 times

Annette

1 months ago

Having both the classification of information and defined roles and responsibilities is crucial for effective information protection.

upvoted 0 times

...

Iola

1 months ago

It's important for organizations to have clear guidelines on how to protect sensitive information.

upvoted 0 times

...

Ronald

2 months ago

I agree, option D covers all the bases when it comes to information protection policies.

upvoted 0 times

...

Louisa

3 months ago

I think the correct answer is D - Both A & B. The information protection policy should clearly define information as an asset and outline the responsibilities of different stakeholders.

upvoted 0 times

Lavina

1 months ago

Definitely, protecting information is crucial for the organization's security.

upvoted 0 times

...

Asuncion

1 months ago

Yes, it's important for managers to understand the sensitivity and value of information.

upvoted 0 times

...

Audry

2 months ago

I agree, the policy should define information as an asset and outline responsibilities.

upvoted 0 times

...

James

4 months ago

I'm not sure, but it makes sense that both defining information as an asset and outlining responsibilities would be important for information protection

upvoted 0 times

...

Roslyn

4 months ago

I agree with Tonette, because information protection policies should define information as an asset and outline responsibilities

upvoted 0 times

...

Tonette

4 months ago

I think the answer is D) Both A & B

upvoted 0 times

...