
The Authorization to Operate (ATO) for information systems is granted after controls assessment and system authorization, as a formal decision by management to accept the residual risk. To support continuous authorization, which of the following tasks should be implemented first? (Wentz QOTD)
A. Automation for enforcement of policies and controls
B. Continuous integration and delivery
C. Continuous monitoring approach for the applicable security controls
D. Automated ways of performing security assessments
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.