Which function within the IT corporate structure is responsible for classifying information using an agreed-upon classification scheme for a new data collection system?

A. Information security
B. Information privacy
C. IT governance
D. Enterprise architecture

Answer: A

Explanation:

The function within the IT corporate structure responsible for classifying information using an agreed-upon classification scheme for a new data collection system is the Information Security function. Information security ensures that data is properly classified to protect it according to its sensitivity and criticality.

Reference in COBIT 2019 Design and Implementation:

COBIT 2019 Framework: Governance and Management Objectives, APO13 (Managed Security): This objective outlines the responsibilities of the information security function, which include defining and implementing information classification schemes.

COBIT 2019 Implementation Guide, Chapter 3: This chapter details how information security policies and practices should be established, including the classification of information assets.

COBIT 2019 Framework: Deliver, Service and Support (DSS05, Managed Security Services): This objective highlights the role of information security in managing security services, including data classification and protection measures.

By classifying information, the information security function ensures that data is adequately protected against unauthorized access and breaches, adhering to compliance requirements and supporting the overall security posture of the enterprise.
