312-50V11 · Question #770
Which of the following is a component of a risk assessment?
The correct answer is A. Administrative safeguards. A risk assessment evaluates threats, vulnerabilities, and existing controls - including administrative safeguards such as policies and procedures - to determine an organization's overall risk posture.
Question
Which of the following is a component of a risk assessment?
Options
- AAdministrative safeguards
- BPhysical security
- CLogical interface
- DDMZ
How the community answered
(52 responses)- A92% (48)
- B4% (2)
- C2% (1)
- D2% (1)
Why each option
A risk assessment evaluates threats, vulnerabilities, and existing controls - including administrative safeguards such as policies and procedures - to determine an organization's overall risk posture.
Administrative safeguards are the policies, procedures, and oversight processes used to manage the selection, implementation, and maintenance of security controls, and assessing whether adequate administrative safeguards exist is a recognized component of formal risk assessments under frameworks such as HIPAA Security Rule and NIST SP 800-30. Identifying gaps in administrative controls directly informs the risk level assigned to an organization.
Physical security is a category of protective control that may be evaluated during a risk assessment, but it is an implementation domain rather than a component of the assessment process itself.
Logical interface is a networking concept referring to virtual or software-defined interfaces and is not a recognized element of risk assessment methodology.
A DMZ is a network segmentation architecture used to isolate public-facing systems and is a security control to be evaluated, not a component of the risk assessment process.
Concept tested: Risk assessment components and administrative safeguards
Source: https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
Topics
Community Discussion
No community discussion yet for this question.