
Your company sells toys online through a large-scale web-based E-commerce system that supports HTTPS only. Which of the following is the most suitable framework or standard to protect the system? (Wentz QOTD)
A. ISO 27701
B. COBIT
C. NIST Risk Management Framework
D. CMMI
Kindly be reminded that the suggested answer is for your reference only. It doesn't matter whether your answer is right or wrong. What really matters is your reasoning process and justifications.
My suggested answer is C. NIST Risk Management Framework
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Reference
Your company sells toys online through a large-scale web-based E-commerce system that supports HTTPS only. Which of the following is the most suitable framework or standard to protect the system? (Wentz QOTD)
A. ISO 27701
B. PCI DSS
C. NIST Risk Management Framework
D. CMMI