
You are going to apply scoping considerations and tailor security controls based on a baseline. Which of the following should be done first? (Wentz QOTD)
A. Add controls based on risk assessment
B. Determine asset value
C. Assign asset owners
D. Identify asset inventory
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Identify asset inventory.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.