Minimum security controls can only be determined after___________

Minimum security controls can only be determined after___________.

Minimum security controls can only be determined after___________.

A.
A penetration test.

B.
The aggregate CIA score has been computed.

C.
System securitypoliciesare put in place.

D.
A vulnerability assessment.

Explanation:
You must compute the CIA (Confidentiality. Integrity, and Availability) requirements of the system before you can determine the required minimum controls.

Answer option D is incorrect. A vulnerability assessment is a good practice, but is not necessary to determine minimal security controls.

Answer option A is incorrect. A penetration test is a good practice, but is not necessary to determine minimal security controls.

Answer option C is incorrect. The system securitypoliciesshould be developed after the CIA score has been computed.



Leave a Reply 0

Your email address will not be published. Required fields are marked *