Watch this video on YouTube
In the context of allocating security controls within an organization, which principle ensures that controls are assigned based on the criticality and sensitivity of information assets?