CRISC · Question #367
CRISC Question #367: Real Exam Question with Answer & Explanation
The correct answer is D: Consistent management of information assets. The primary benefit of integrating risk and security requirements into an organization's enterprise architecture (EA) is the consistent management of information assets.
Question
Which of the following is the PRIMARY benefit of integrating risk and security requirements in an organization's enterprise architecture (EA)?
Options
- AAdherence to legal and compliance requirements
- BReduction in the number of test cases in the acceptance phase
- CEstablishment of digital forensic architectures
- DConsistent management of information assets
Explanation
The primary benefit of integrating risk and security requirements into an organization's enterprise architecture (EA) is the consistent management of information assets.
Common mistakes.
- A. While adherence to legal and compliance requirements is a benefit, consistent management of information assets is a broader and more fundamental outcome that enables compliance.
- B. Reduction in test cases is a potential operational benefit, but not the primary or most strategic benefit of integrating risk/security into EA.
- C. Establishment of digital forensic architectures is a specific security capability, but not the overall primary benefit of integrating risk and security into EA, which is about broader asset protection.
Concept tested. Benefits of integrating security into enterprise architecture
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v1.pdf
Topics
Community Discussion
No community discussion yet for this question.