What is a reason for the classification of information?

What is a reason for the classification of information?

A. To provide clear identification tags

B. To structure the information according to its sensitivity

C. Creating a manual describing the BYOD policy

View Answer

Answer: B

Explanation:

The reason for the classification of information is to structure the information according to its sensitivity. Information classification is a process of assigning categories or labels to information based on its value, sensitivity, criticality and legal requirements. Information classification helps to determine the appropriate level of security controls and handling procedures for different types of information. Information classification also facilitates the communication of information security requirements and expectations among internal and external parties. ISO/IEC 27001:2022 requires the organization to classify information in terms of legal requirements, value, criticality and sensitivity to unauthorized disclosure or modification (see clause A.8.2.1).

Reference: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course], ISO/IEC 27001:2022 Information technology ― Security techniques ― Information security management systems ― Requirements, What is Data Classification?