nerdexam
(ISC)2

CISSP-ISSEP · Question #52

Which of the following acts promote a risk-based policy for cost effective security? Each correct answer represents a part of the solution. Choose all that apply.

The correct answer is A. Clinger-Cohen Act C. Paperwork Reduction Act (PRA). Both the Clinger-Cohen Act (A) and the Paperwork Reduction Act (C) are U.S. federal laws that explicitly require agencies to adopt risk-based approaches to managing IT and information resources cost-effectively - Clinger-Cohen mandates capital planning and investment control for

Governance and Training

Question

Which of the following acts promote a risk-based policy for cost effective security? Each correct answer represents a part of the solution. Choose all that apply.

Options

  • AClinger-Cohen Act
  • BLanham Act
  • CPaperwork Reduction Act (PRA)
  • DComputer Misuse Act

How the community answered

(38 responses)
  • A
    87% (33)
  • B
    8% (3)
  • D
    5% (2)

Explanation

Both the Clinger-Cohen Act (A) and the Paperwork Reduction Act (C) are U.S. federal laws that explicitly require agencies to adopt risk-based approaches to managing IT and information resources cost-effectively - Clinger-Cohen mandates capital planning and investment control for IT (including security trade-offs), while the PRA establishes OMB's authority to oversee federal information resource management, which underpins risk-based security frameworks like FISMA's predecessors.

The Lanham Act (B) is federal trademark law - it protects brands and trade identities and has no connection to cybersecurity or risk management. The Computer Misuse Act (D) is a UK criminal statute that criminalizes unauthorized computer access; it is neither a U.S. law nor a risk-based policy framework - it's punitive, not preventive.

Memory tip: Both correct answers are about managing government resources efficiently - think "CCA + PRA = Cost-effective federal IT governance." If an answer is about trademarks (Lanham) or UK criminal law (Computer Misuse), it cannot be about U.S. risk-based security policy.

Topics

#Legislation#Government Regulations#Risk-based Approach#IT Governance

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice