Correct Answer: D.) Formalizing the process of implementing strict and consistent security controls.
According to the (ISC)² Common Body of Knowledge, the primary goal of data classification is related to both business and security. Data classification, which is the process of categorizing data based on it sensitivity or need for security, helps keeps data secure and ensures that process is cost effective. All four answers are related to those goals.
However, Answer B can be eliminated because it only refers to the integrity of the data. Data classification schemes mainly relate to data confidentiality.
Answers A and C both relate to the very important goal of making the process of data protection cost effective. While Answer A’s link to cost effectiveness is explicit, Answer C is correct in stating that protecting data with unnecessary security controls is a waste of resources. Protecting data costs money, and money must only be spent on data that requires protection. Since both Answers A and C say the same thing, they can both be eliminated.
That leaves Answer D, which focuses on the long-term benefit of data classification. Having a data classification policy in place will force an organization to classify, and thus protect, data as it receives or creates it. Having this security process formalized is the PRIMARY benefit of data classification.