CISSP PRACTICE QUESTIONS – 20191110

Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. A team in-house is in charge of developing an E-Commerce system that supports the new business. As a security professional, you are conducting a privacy impact assessment according to the standard, ISO 29134 – Guidelines for Privacy Impact Assessment, while other team members are in charge of other project work. Which of the following is least likely to happen at this stage?
A. Scope and tailor security controls
B. Categorize the E-Commerce system
C. Assess business impact
D. Ensure the use of secure SDLC processes


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Scope and tailor security controls.

SDLC and RMF

The audience of NIST guidelines is primarily government agencies. However, it’s also useful for enterprises to follow.

Privacy impact assessment, categorizing the E-Commerce system, assessing business impact, and ensuring the use of secure SDLC processes is at the initiation stage/phase, while scoping and tailoring security controls are at the Development/Acquisition phase.

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s