Topic: SY0-601 topic 1 question 844

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

A. Shared deployment of CIS baselines
B. Joint cybersecurity best practices
C. Both companies following the same CSF
D. Assessment of controls in a vulnerability report

Re: SY0-601 topic 1 question 844

C. Both companies following the same CSF

Re: SY0-601 topic 1 question 844

C:
A cybersecurity framework (CSF) is a list of activities and objectives undertaken to mitigate risks. The use of a framework allows an organization to make an objective statement of its current cybersecurity capabilities, identify a target level of capability, and prioritize investments to achieve that target. This is valuable for giving a structure to internal risk management procedures and provides an externally verifiable statement of regulatory compliance. Frameworks are also important because they save an organization from building its security program in a vacuum, or from building the program on a foundation that fails to account for important security concepts.

By having both companies follow the same CSF, they would be better able to align the security programs.

Re: SY0-601 topic 1 question 844

Correct answer!

Re: SY0-601 topic 1 question 844

Both companies following the same CSF (Option C): A cybersecurity framework, such as NIST Cybersecurity Framework (CSF), ISO 27001, or others, provides a structured and comprehensive approach to cybersecurity. Aligning both companies with the same framework allows for a common understanding and implementation of security controls, risk management, and overall security governance.

Re: SY0-601 topic 1 question 844

Both companies following the same CSF (Cyber Security Framework).