It is the preferred risk control strategy.

It is the most common of the mitigation procedures.

This strategy is based on the conclusion that the cost of protecting an asset does not justify the security expenditure

Access to information with this classification is strictly on a need-to-know basis or as required by the terms of a contract.

It is the determination of the extent to which the organization’s information assets are exposed or at risk.

It is the most strategic and long term among the three mitigation procedures.

Which of the following is NOT an example of Commercial Data Classification and Management?