CAS-003 · Question #260
A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One syst
The correct answer is D. Provide a business justification for a risk exception. The Exception Request must include: A description of the non-compliance. The anticipated length of non-compliance (2-year maximum). The proposed assessment of risk associated with non-compliance. The proposed plan for managing the risk associated with non- compliance. The propose
Question
A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?
Options
- AEstablish a risk matrix
- BInherit the risk for six months
- CProvide a business justification to avoid the risk
- DProvide a business justification for a risk exception
How the community answered
(59 responses)- A12% (7)
- B7% (4)
- C3% (2)
- D78% (46)
Explanation
The Exception Request must include: A description of the non-compliance. The anticipated length of non-compliance (2-year maximum). The proposed assessment of risk associated with non-compliance. The proposed plan for managing the risk associated with non- compliance. The proposed metrics for evaluating the success of risk management (if risk is significant). The proposed review date to evaluate progress toward compliance. An endorsement of the request by the appropriate Information Trustee (VP or Dean).
Topics
Community Discussion
No community discussion yet for this question.