CompTIA Security+ (SY0-601) — Question 650

Which of the following provides guidelines for the management and reduction of information security risk?

Answer options

• A. CIS
• B. NIST CSF
• C. ISO
• D. PCI DSS

Correct answer: B

Explanation

The NIST Cybersecurity Framework (NIST CSF) is specifically designed to provide guidelines for improving cybersecurity risk management. While CIS, ISO, and PCI DSS offer valuable frameworks and standards, NIST CSF is most focused on the management and reduction of information security risk.