CISSP PRACTICE QUESTIONS – 20211213

Effective CISSP Questions

As the system owner, you are categorizing an information system to determine baseline security controls. Which of the following is the best criterion for system categorization? (Wentz QOTD)
A. Resilience of the information system
B. Availability of information and information system
C. The safety and experience of system users
D. Security properties of information types processed by the system

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Security properties of information types processed by the system.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

NIST RMF – Risk Management Framework (NIST SP 800-12 R1)

Even though the safety and experience of system users are the first priority and golden rule in information security, this question assumes the context of the NIST Risk Management Framework. When categorizing a system, we determine its impact level by the high water mark of the confidentiality, integrity, and availability impact levels of the information types the system processes.

Categorize System
Security Categorization of Mission Information (Source: NIST SP 800-60 V2 R1)
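To make the high water mark rule concrete, here is an added Python example (not from the original post or from NIST) that categorizes a hypothetical system from the provisional impact levels of its information types. The three information types and their levels are constructed sample data; the N/A handling follows FIPS 199, which permits "not applicable" only for the confidentiality of an individual information type, never at the system level.

```python
from enum import IntEnum

class Impact(IntEnum):
    """FIPS 199 potential impact values, ordered so max() gives the high water mark."""
    NA = 0        # "not applicable": allowed only for the confidentiality of an information type
    LOW = 1
    MODERATE = 2
    HIGH = 3

OBJECTIVES = ("confidentiality", "integrity", "availability")

# Constructed sample: three information types processed by one hypothetical system,
# each already assigned provisional impact levels (the SP 800-60 step before this one).
SAMPLE_INFO_TYPES = {
    "public web content": {"confidentiality": Impact.NA, "integrity": Impact.MODERATE, "availability": Impact.LOW},
    "customer PII": {"confidentiality": Impact.MODERATE, "integrity": Impact.MODERATE, "availability": Impact.LOW},
    "incident dispatch": {"confidentiality": Impact.LOW, "integrity": Impact.HIGH, "availability": Impact.HIGH},
}

def categorize_system(info_types):
    """Return the system security category: for each objective, the highest impact
    level found among the information types (FIPS 199 Section 3, high water mark)."""
    if not info_types:
        raise ValueError("a system must process at least one information type")
    system_sc = {}
    for objective in OBJECTIVES:
        levels = []
        for name, sc in info_types.items():
            level = sc[objective]
            if level is Impact.NA and objective != "confidentiality":
                raise ValueError(f"{name}: N/A is only permitted for confidentiality")
            levels.append(level)
        # N/A may apply to an individual information type, but a system that needs
        # baseline controls is never categorized below LOW for any objective.
        system_sc[objective] = max(max(levels), Impact.LOW)
    return system_sc

def system_impact_level(system_sc):
    """Overall impact level that selects the LOW/MODERATE/HIGH control baseline:
    the high water mark across the three security objectives."""
    return max(system_sc.values())

def format_sc(system_sc):
    """Render the category in FIPS 199 notation."""
    pairs = ", ".join(f"({obj}, {system_sc[obj].name})" for obj in OBJECTIVES)
    return "SC = {" + pairs + "}"

if __name__ == "__main__":
    sc = categorize_system(SAMPLE_INFO_TYPES)
    print(format_sc(sc))  # SC = {(confidentiality, MODERATE), (integrity, HIGH), (availability, HIGH)}
    print("Baseline:", system_impact_level(sc).name)  # Baseline: HIGH
```

Note that the single HIGH integrity and availability ratings of the dispatch information type pull the whole system to the HIGH baseline, which is exactly the effect the high water mark rule is meant to have.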

As the system owner, you are categorizing an information system to determine baseline security controls. Which of the following is the best criterion for system categorization? (Wentz QOTD)
A. Resilience of the information system
B. Availability of information and the information system
C. The safety and experience of system users
D. Security properties of the information types processed by the system
