nerdexam
(ISC)2

CISSP · Question #80

The stringency of an Information Technology (IT) security assessment will be determined by the

The correct answer is C. sensitivity of the system's datA.. The stringency of an Information Technology (IT) security assessment will be determined by the sensitivity of the system's data, as this reflects the level of risk and impact that a security breach could have on the organization and its stakeholders. The more sensitive the data,

Submitted by devops_kid· Mar 5, 2026Security Assessment and Testing

Question

The stringency of an Information Technology (IT) security assessment will be determined by the

Options

  • Asystem's past security record.
  • Bsize of the system's database.
  • Csensitivity of the system's datA.
  • Dage of the system.

How the community answered

(54 responses)
  • A
    2% (1)
  • B
    6% (3)
  • C
    91% (49)
  • D
    2% (1)

Explanation

The stringency of an Information Technology (IT) security assessment will be determined by the sensitivity of the system's data, as this reflects the level of risk and impact that a security breach could have on the organization and its stakeholders. The more sensitive the data, the more stringent the security assessment should be, as it should cover more aspects of the system, use more rigorous methods and tools, and provide more detailed and accurate results and recommendations. The system's past security record, size of the system's database, and age of the system are not the main factors that determine the stringency of the security assessment, as they do not directly relate to the value and importance of the data that the system processes, stores, or transmits.

Topics

#security assessment scope#data sensitivity#risk assessment

Community Discussion

No community discussion yet for this question.

Full CISSP Practice