Home » ISC » CISSP-2018 » Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
A. Security governance
B. Risk management
C. Security portfolio management
D. Risk assessment
Correct Answer: B
Explanation/Reference:
Download Printable PDF. VALID exam to help you PASS.
|
|
B is correct answer.
“6.3.3 Risk Management
Effective risk management entails identification of technology assets; identification
of data and its links to business processes, applications, and data
stores; and assignment of ownership and custodial responsibilities.”
Cloud Computing Implementation, Management, and Security
John W. Rittinghouse James F. Ransome
I agree. Risk management has nothing to do with assigning roles and responsibilities.
Its A.
“Information security governance ensures that an organization has the correct information structure, leadership, and guidance. Risk Analysis (RA) helps ensure that an organization properly identifies, analyzes, and mitigates risk. “