An architect has been engaged to write the security viewpoint of a new initiative. Which of the
following BEST describes a repeatable process that can be used for establishing the security
architecture?
A.
Inspect a previous architectural document. Based on the historical decisions made, consult the
architectural control and pattern library within the organization and select the controls that appear
to best fit this new architectural need.
B.
Implement controls based on the system needs. Perform a risk analysis of the system. For any
remaining risks, perform continuous monitoring.
C.
Classify information types used within the system into levels of confidentiality, integrity, and
availability. Determine minimum required security controls. Conduct a risk analysis. Decide on
which security controls to implement.
D.
Perform a risk analysis of the system. Avoid extreme risks. Mitigate high risks. Transfer medium
risks and accept low risks. Perform continuous monitoring to ensure that the system remains at an
adequate security posture.