nerdexam
(ISC)2

CISSP · Question #1057

The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?

The correct answer is A. It determines the security requirements.. The initial security categorization of a system plays a foundational role in defining the system’s security requirements. This categorization determines the level of protection needed based on the confidentiality, integrity, and availability of the system’s data and operations. T

Submitted by haru.x· Mar 5, 2026Security and Risk Management

Question

The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?

Options

  • AIt determines the security requirements.
  • BIt affects other steps in the certification and accreditation process.
  • CIt determines the functional and operational requirements.
  • DThe system engineering process works with selected security controls.

How the community answered

(37 responses)
  • A
    73% (27)
  • B
    16% (6)
  • C
    8% (3)
  • D
    3% (1)

Explanation

The initial security categorization of a system plays a foundational role in defining the system’s security requirements. This categorization determines the level of protection needed based on the confidentiality, integrity, and availability of the system’s data and operations. The security categorization will guide the selection of appropriate security controls to mitigate risks and ensure the system meets security objectives. Security categorization helps establish a baseline for security controls by identifying the criticality of the system and its data, which directly influences the level of security measures required (e.g., encryption, access controls, auditing, etc.).

Topics

#security categorization#system life cycle#security requirements#risk management framework

Community Discussion

No community discussion yet for this question.

Full CISSP Practice