
CISSP Question #1298: Real Exam Question with Answer & Explanation

The correct answer is B: Provide the objectives for the security and privacy control assessments and a detailed roadmap.

Submitted by thandi_sa · Mar 5, 2026 · Domain: Security Assessment and Testing

Question

What is the MAIN purpose of a security assessment plan?

Options

  • A. Provide guidance on security requirements, to ensure the identified security risks are properly addressed
  • B. Provide the objectives for the security and privacy control assessments and a detailed roadmap
  • C. Provide technical information to executives to help them understand information security postures
  • D. Provide education to employees on security and privacy, to ensure their awareness of policies

Explanation

The main purpose of a security assessment plan is to provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments. A security assessment plan defines the scope, criteria, methods, roles, and responsibilities of the security assessment process, which is the process of evaluating and testing the effectiveness and compliance of the security and privacy controls implemented in an information system. A security assessment plan helps to ensure that the security assessment process is consistent, systematic, and comprehensive. A security assessment plan does not provide guidance on security requirements, as this is the role of a security requirements analysis or a security architecture design. A security assessment plan does not provide technical information to executives, as this is the role of a security report or a security briefing. A security assessment plan does not provide education to employees, as this is the role of a security awareness or a security training program.

Topics

#Security assessment plan · #Control assessments · #Assessment objectives · #Roadmap
