
Which of the following best describes the purpose of security controls in terms of ISO 31000? (Wentz QOTD)
A. To lower the likelihood or possibility of risk
B. To reduce the adverse impact of threats
C. To modify the effect of uncertainty on objectives
D. To mitigate the threats
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. To modify the effect of uncertainty on objectives.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Key exchange is an inherent problem of symmetric ciphers. Which of the following is generally considered the best solution in today's TLS? (Wentz QOTD)
A. DH
B. RSA
C. ECDH
D. ECDHE