CISSP – Information Systems Security Architecture Professional (ISSAP) — Question 85

You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following tasks: Develop a risk-driven enterprise information security architecture. Deliver security infrastructure solutions that support critical business initiatives. Which of the following methods will you use to accomplish these tasks?

Answer options

• A. Service-oriented architecture
• B. Sherwood Applied Business Security Architecture
• C. Service-oriented modeling framework
• D. Service-oriented modeling and architecture

Correct answer: B

Explanation

The Sherwood Applied Business Security Architecture (SABSA) is specifically designed to develop security architectures based on risk and business objectives, making it the best choice for the tasks outlined. The other options, while relevant to service-oriented design, do not focus on the risk-driven aspect of security architecture and are less suited for the specific needs of a CSO.