PECB ISO-IEC-27001-Lead-Auditor Question Answer
Question:
As an auditor, you have noticed that ABC Inc. has established a procedure to manage removable storage media. The procedure is based on the classification scheme adopted by ABC Inc.. Thus, if the information stored is classified as "confidential," the procedure applies. However, public information does not have confidentiality requirements, so only integrity and availability controls apply. What type of audit finding is this?