CompTIA CySA+ (CS0-001) — Question 265

A Chief Information Security Officer (CISO) wants to standardize the company's security program so it can be objectively assessed as part of an upcoming audit requested by management.
Which of the following would holistically assist in this effort?

Answer options

• A. ITIL
• B. NIST
• C. Scrum
• D. AUP
• E. Nessus

Correct answer: B

Explanation

The correct answer is NIST, as it provides a comprehensive framework for managing and assessing security risks, which is essential for standardizing security programs. ITIL focuses on IT service management rather than security specifically, Scrum is a framework for agile project management, AUP is an Acceptable Use Policy that does not provide a holistic security framework, and Nessus is a vulnerability assessment tool, not a standard for security management.