nerdexam
(ISC)2

CISSP · Question #1346

Which of the following is considered the FIRST step when designing an internal security control assessment?

The correct answer is C. Create a plan based on a recognized framework of known controls.. An internal security control assessment is a process of evaluating the effectiveness and compliance of the security controls implemented within an organization. The first step when designing an internal security control assessment is to create a plan based on a recognized framewo

Submitted by brentm· Mar 5, 2026Security Assessment and Testing

Question

Which of the following is considered the FIRST step when designing an internal security control assessment?

Options

  • ACreate a plan based on recent vulnerability scans of the systems in question.
  • BCreate a plan based on comprehensive knowledge of known breaches.
  • CCreate a plan based on a recognized framework of known controls.
  • DCreate a plan based on reconnaissance of the organization's infrastructure.

How the community answered

(62 responses)
  • A
    10% (6)
  • B
    5% (3)
  • C
    82% (51)
  • D
    3% (2)

Explanation

An internal security control assessment is a process of evaluating the effectiveness and compliance of the security controls implemented within an organization. The first step when designing an internal security control assessment is to create a plan based on a recognized framework of known controls, such as the NIST SP 800-53, ISO/IEC 27002, or COBIT. A framework of known controls provides a comprehensive and consistent set of security objectives, requirements, and best practices that can be used as a reference and a benchmark for the

Topics

#Security assessment#control assessment#security frameworks#audit planning

Community Discussion

No community discussion yet for this question.

Full CISSP Practice