An information system needs the official management decision given by a senior organizational official to authorize the operation and to accept the residual risk explicitly. Which of the following provides the final decision? (Wentz QOTD)
A. Risk-based auditing
B. Authoritative accreditation
C. Comprehensive security assessment
D. Third-party security evaluation using objective criteria
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is __.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
信息系統需要高級組織官員給出的官方管理決策來授權操作並明確接受剩餘風險。 以下哪項提供了最終決定？ (Wentz QOTD)