One of the purposes of a security framework is to guide the selection of controls, based on security requirements, to secure information systems. Which of the following is correct about security frameworks? (Wentz QOTD)
A. A framework sets the standard for organizations to follow
B. A framework should be as exhaustive as possible
C. A framework may lead to mandatory practices
D. Various frameworks should not be adopted simultaneously
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. A framework may lead to mandatory practices.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.
My justification is under development.
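One of the purposes of a security framework is to guide the selection of controls based on security requirements in order to protect information systems. Which of the following is correct about security frameworks? (Wentz QOTD)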