CISSP · Question #1057
The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?
The correct answer is A. It determines the security requirements.. The initial security categorization of a system plays a foundational role in defining the system’s security requirements. This categorization determines the level of protection needed based on the confidentiality, integrity, and availability of the system’s data and operations. T
Question
The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?
Options
- AIt determines the security requirements.
- BIt affects other steps in the certification and accreditation process.
- CIt determines the functional and operational requirements.
- DThe system engineering process works with selected security controls.
How the community answered
(37 responses)- A73% (27)
- B16% (6)
- C8% (3)
- D3% (1)
Explanation
The initial security categorization of a system plays a foundational role in defining the system’s security requirements. This categorization determines the level of protection needed based on the confidentiality, integrity, and availability of the system’s data and operations. The security categorization will guide the selection of appropriate security controls to mitigate risks and ensure the system meets security objectives. Security categorization helps establish a baseline for security controls by identifying the criticality of the system and its data, which directly influences the level of security measures required (e.g., encryption, access controls, auditing, etc.).
Topics
Community Discussion
No community discussion yet for this question.