CISSP · Question #1346
Which of the following is considered the FIRST step when designing an internal security control assessment?
The correct answer is C. Create a plan based on a recognized framework of known controls.. An internal security control assessment is a process of evaluating the effectiveness and compliance of the security controls implemented within an organization. The first step when designing an internal security control assessment is to create a plan based on a recognized framewo
Question
Which of the following is considered the FIRST step when designing an internal security control assessment?
Options
- ACreate a plan based on recent vulnerability scans of the systems in question.
- BCreate a plan based on comprehensive knowledge of known breaches.
- CCreate a plan based on a recognized framework of known controls.
- DCreate a plan based on reconnaissance of the organization's infrastructure.
How the community answered
(62 responses)- A10% (6)
- B5% (3)
- C82% (51)
- D3% (2)
Explanation
An internal security control assessment is a process of evaluating the effectiveness and compliance of the security controls implemented within an organization. The first step when designing an internal security control assessment is to create a plan based on a recognized framework of known controls, such as the NIST SP 800-53, ISO/IEC 27002, or COBIT. A framework of known controls provides a comprehensive and consistent set of security objectives, requirements, and best practices that can be used as a reference and a benchmark for the
Topics
Community Discussion
No community discussion yet for this question.