Effective CISSP Questions

Policies, standards, procedures, and guidelines are prominent governance elements. For example, the NIST Special Publication 800-53 series consists of guidelines aligned with Federal Information Processing Standards Publication 200 (FIPS 200). Which of the following families of security requirements is specified in FIPS 200? (Wentz QOTD)
A. Program Management
B. PII Processing and Transparency
C. Supply Chain Risk Management
D. Planning

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Planning.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial on information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.


