CISSP-ISSEP · Question #52
Which of the following acts promote a risk-based policy for cost effective security? Each correct answer represents a part of the solution. Choose all that apply.
The correct answer is A. Clinger-Cohen Act C. Paperwork Reduction Act (PRA). Both the Clinger-Cohen Act (A) and the Paperwork Reduction Act (C) are U.S. federal laws that explicitly require agencies to adopt risk-based approaches to managing IT and information resources cost-effectively - Clinger-Cohen mandates capital planning and investment control for
Question
Which of the following acts promote a risk-based policy for cost effective security? Each correct answer represents a part of the solution. Choose all that apply.
Options
- AClinger-Cohen Act
- BLanham Act
- CPaperwork Reduction Act (PRA)
- DComputer Misuse Act
How the community answered
(38 responses)- A87% (33)
- B8% (3)
- D5% (2)
Explanation
Both the Clinger-Cohen Act (A) and the Paperwork Reduction Act (C) are U.S. federal laws that explicitly require agencies to adopt risk-based approaches to managing IT and information resources cost-effectively - Clinger-Cohen mandates capital planning and investment control for IT (including security trade-offs), while the PRA establishes OMB's authority to oversee federal information resource management, which underpins risk-based security frameworks like FISMA's predecessors.
The Lanham Act (B) is federal trademark law - it protects brands and trade identities and has no connection to cybersecurity or risk management. The Computer Misuse Act (D) is a UK criminal statute that criminalizes unauthorized computer access; it is neither a U.S. law nor a risk-based policy framework - it's punitive, not preventive.
Memory tip: Both correct answers are about managing government resources efficiently - think "CCA + PRA = Cost-effective federal IT governance." If an answer is about trademarks (Lanham) or UK criminal law (Computer Misuse), it cannot be about U.S. risk-based security policy.
Topics
Community Discussion
No community discussion yet for this question.