CRISC Certified in Risk and Information Systems Control – Question373
Which of the following come under the management class of controls?
Each correct answer represents a complete solution. (Choose two.) A. Risk assessment control B. Audit and accountability control C. Program management control D. Identification and authentication control
Correct Answer: AC
Explanation:
Explanation:
The Management class of controls includes five families. These families include over 40 individual controls. Following is a list of each of the families in the Management class:
Certification, Accreditation, and Security Assessment (CA): This family of controls addresses steps to implement a security and assessment program. It includes controls to ensure only authorized systems are allowed on a network. It includes details on important security concepts, such as continuous monitoring and a plan of action and milestones.
Planning (PL): The PL family focuses on security plans for systems. It also covers Rules of Behaviour for users. Rules of Behaviour are also called an acceptable use policy.
Risk Assessment (RA): This family of controls provides details on risk assessments and vulnerability scanning.
System and Services Acquisition (SA): The SA family includes any controls related to the purchase of products and services. It also includes controls related to software usage and user installed software.
Program Management (PM): This family is driven by the Federal Information Security Management Act (FISMA). It provides controls to ensure compliance with FISMA. These controls complement other controls. They don’t replace them.
Incorrect Answers: B, D: Identification and authentication, and audit and accountability control are technical class of controls.
Please disable your adblocker or whitelist this site!