(ISC)2

CISSP Question #1201: Real Exam Question with Answer & Explanation

The correct answer is A: Focus on operating environments that are changing, evolving, and full of emerging threats.

Submitted by naveen.iyer · Mar 5, 2026 · Security and Risk Management

Question

Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?

Options

  • A. Focus on operating environments that are changing, evolving, and full of emerging threats.
  • B. Secure information technology (IT) systems that store, process, or transmit organizational
  • C. Enable management to make well-informed risk-based decisions justifying security expenditure.
  • D. Provide an improved mission accomplishment approach.

Explanation

NIST's modern risk management framework emphasizes adapting to dynamic, evolving threat landscapes rather than static security postures. This reflects a shift from traditional, compliance-focused approaches to continuous, adaptive risk management.

Common mistakes.

  • B. Securing IT systems that store, process, or transmit data represents a traditional, system-centric security objective aligned with older frameworks like FISMA's original intent, not the modern adaptive risk management shift NIST advocates.
  • C. Enabling management to make risk-based decisions to justify security expenditure is a longstanding goal of risk management and business case development, not a distinguishing characteristic of NIST's modern shift toward dynamic threat environments.
  • D. Providing an improved mission accomplishment approach is a general organizational benefit of risk management broadly, but it does not specifically capture NIST's modern emphasis on adapting to evolving and emerging threat landscapes.

Concept tested. NIST modern adaptive risk management framework evolution

Reference. https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final

Topics

#NIST risk management · #Modern risk management · #Evolving threats · #Dynamic environments
