Certified Chief Information Security Officer (CCISO) — Question 174
An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied.
What is the NEXT logical step in applying the controls in the organization?
Answer options
- A. Determine the risk tolerance
- B. Perform an asset classification
- C. Analyze existing controls on systems
- D. Create an architecture gap analysis
Correct answer: C
Explanation
The correct answer is C because analyzing existing controls on systems allows the organization to assess the effectiveness of its current security measures and identify areas for improvement. The other options, while important, do not directly follow the establishment of security controls; risk tolerance (A) and asset classification (B) are preliminary steps, and a gap analysis (D) would come after assessing existing controls.