CompTIA Security+ SY0-601 – Question 321

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system
for the company. The CISO categorizes the system, selects the controls that apply to the system, implements
the controls, and then assesses the success of the controls before authorizing the system. Which of the
following is the CISO using to evaluate the environment for this new ERP system?


A. The Diamond Model of Intrusion Analysis
B. CIS Critical Security Controls
C. NIST Risk Management Framework
D. ISO 27002

Correct Answer: C

Explanation: