(ISC)2

CSSLP Question #187: Real Exam Question with Answer & Explanation

The correct answer is B: Tier 3. In risk management frameworks, Tier 3 specifically addresses risks from an information system perspective, focusing on how individual systems implement security controls and manage risks at an operational level.

Secure Software Lifecycle Management

Question

Which of the following tiers addresses risks from an information system perspective?

Options

  • A. Tier 0
  • B. Tier 3
  • C. Tier 2
  • D. Tier 1

Explanation

In risk management frameworks, Tier 3 specifically addresses risks from an information system perspective, focusing on how individual systems implement security controls and manage risks at an operational level.

Common mistakes.

  • A. Tier 0 is not a standard tier in most established risk management frameworks like NIST RMF.
  • C. Tier 2 typically addresses risks from a "Mission/Business Process" perspective, focusing on how systems support organizational functions and associated risks.
  • D. Tier 1 typically addresses risks from an "Organization-wide" perspective, focusing on governance, strategic objectives, and enterprise-level risk management.

Concept tested. NIST Risk Management Framework tiers

Reference. https://csrc.nist.gov/glossary/term/risk-management-tiers

Topics

#Risk Management Tiers #NIST RMF #Information System Risk #System-Level Risk
