nerdexam
EC-Council

212-82 · Question #129

212-82 Question #129: Real Exam Question with Answer & Explanation

The correct answer is B: NIST Cybersecurity Framework (CSF) - Offers a general, customizable approach. Given the need for a scalable and adaptable risk management framework for a burgeoning e-commerce company, the NIST Cybersecurity Framework (CSF) is the most relevant choice.

Submitted by ricky.ec · Mar 6, 2026 · Cloud Security Risks & Threat Mitigation

Question

As the IT security manager for a burgeoning e-commerce company, you're keen on implementing a formal risk management framework to proactively tackle security risks associated with the company's rapid online expansion. Given your focus on e-commerce and the need for scalability, which risk management framework is likely the most relevant?

Options

  • A. ISO 27001 - Provides a comprehensive information security management system (ISMS).
  • B. NIST Cybersecurity Framework (CSF) - Offers a general, customizable approach.
  • C. PCI DSS (Payment Card Industry Data Security Standard) - Targets credit card data security.
  • D. COBIT (Control Objectives for Information and Related Technology) - Focuses on IT governance.

Explanation

Given the need for a scalable and adaptable risk management framework for a burgeoning e-commerce company, the NIST Cybersecurity Framework (CSF) is the most relevant choice.

Common mistakes.

  • A. ISO 27001 provides a comprehensive Information Security Management System (ISMS), but its implementation can be extensive and prescriptive, potentially being more heavyweight than necessary for a rapidly growing company needing an adaptable framework.
  • C. PCI DSS (Payment Card Industry Data Security Standard) is a compliance standard specifically for organizations handling credit card data, making it a component of risk management rather than a general, overarching risk management framework for all security risks.
  • D. COBIT (Control Objectives for Information and Related Technology) primarily focuses on IT governance and ensuring IT aligns with business goals, which is broader than a specific cybersecurity risk management framework.

Concept tested. Cybersecurity risk management frameworks

Reference. https://www.nist.gov/cyberframework

Topics

#Risk management framework #NIST CSF #E-commerce security #Scalability
