The NIST SP 800-53, "Recommended Security Controls for Federal Information Systems," was written using a popular risk management approach. Which of the following control areas best fits this description: "This is the area in which an organization develops, documents, periodically updates, and implements security plans for information systems"?
(a) system and services acquisition
(b) program management
(c) planning
(d) system and information integrity

Answer:

c) planning

Explanation:

Planning involves the development of business plans, staffing plans and IT plans. In the statement given in the question, in order to plan security controls we need to map the associated risks, document them, and then make arrangements accordingly to mitigate the risks.

Planning helps in listing all the issues and then suggesting recommendations.

It helps not only in the beginning, to make an outlay/road map for the action plan, but also in periodic updates and in auditing the previous actions.
