Question

Which publication includes the Risk Management Framework procedures and provides guidance on security-control selections for federal information systems?

A. CBK

B. NIST SP 800-53

C. FIPS 199-33 rev.2

D. All of these answers are correct

Answer #1

B. NIST SP 800-53
