The InfoSec measurement development process recommended by NIST isis divided into two major activities.Which of the following is one of them?
A) Regularly monitor and test networks
B) Identification and definition of the current InfoSec program
C) Maintain a vulnerability management program
D) Compare organizational practices against organizations of similar characteristics

Question

Quizplus · Accepted Answer

The two major activities in the InfoSec measurement development process recommended by NIST are:

1) Identification and definition of the current InfoSec program
2) Selection, implementation, and measurement of InfoSec controls

Therefore, option B, which mentions the identification and definition of the current InfoSec program, is one of the two major activities in the InfoSec measurement development process. The other options mentioned, such as regularly monitoring and testing networks, maintaining a vulnerability management program, and comparing organizational practices against organizations of similar characteristics, are important components of an effective InfoSec program but they are not the major activities in the InfoSec measurement development process.

The InfoSec Measurement Development Process Recommended by NIST Isis Divided