Certified SOC Analyst (CSA) — Question 29
Which of the following framework describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering?
Answer options
- A. COBIT
- B. ITIL
- C. SSE-CMM
- D. SOC-CMM
Correct answer: C
Explanation
SSE-CMM is specifically focused on security engineering practices and outlines the necessary characteristics for effective security processes. COBIT and ITIL are broader governance and service management frameworks that do not specifically target security engineering. SOC-CMM, while related to security, does not encompass the comprehensive approach provided by SSE-CMM.